I am trying to create my own SSH key to connect from one VM A to another VM B (both are Debian/bullseye64 systems).
Both VMs are configured to be on a public network using Vagrant on my system, with A on 192.168.0.103 and B on 192.168.0.104.
I used the following to generate my key on VM A and named it ansible_id_rsa, and also copied both the private and public key to /etc/ssh of VM A:
sudo ssh-keygen -t rsa
Once generated, I copied the ansible_id_rsa.pub content from VM A and copied it into ~/.ssh/authorized_keys of VM B. (Just to note: B already had an existing key in authorized_keys to connect to my system and I appended to it in the next line).
These are the permissions of the .ssh of both folders:
drwx------ 2 vagrant vagrant 4096 Aug 18 02:53 .
drwxr-xr-x 3 vagrant vagrant 4096 Aug 18 03:09 ..
-rw------- 1 root root 2590 Aug 18 01:50 ansible_id_rsa
-rw-r--r-- 1 root root 563 Aug 18 01:50 ansible_id_rsa.pub
-rw------- 1 vagrant vagrant 409 Dec 30 2021 authorized_keys
-rw-r--r-- 1 vagrant vagrant 223 Aug 18 02:52 known_hosts
I also edited the /etc/ssh/sshd_config file to have:
PasswordAuthentication no
PermitRootLogin yes
PubKeyAuthentication yes
RSAAuthentication yes
Then I attempted connecting to VM B from VM A by running the following on VM A while in ~/.ssh:
ssh -i ansible_id_rsa -vvv [email protected]
It fails connection and prints the following on terminal:
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.104 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/vagrant/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/vagrant/.ssh/known_hosts2'
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.104 [192.168.0.104] port 22.
debug1: Connection established.
debug1: identity file ansible_id_rsa type 0
debug1: identity file ansible_id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5
debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.104:22 as 'root'
debug3: hostkeys_foreach: reading file "/home/vagrant/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/vagrant/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 192.168.0.104
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fqpDpY0+XthUBnzv4qVjeL7dErgkvw9ocdiBRR4un38
debug3: hostkeys_foreach: reading file "/home/vagrant/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/vagrant/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 192.168.0.104
debug1: Host '192.168.0.104' is known and matches the ECDSA host key.
debug1: Found key in /home/vagrant/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: ansible_id_rsa RSA SHA256:i9s/9B3nDrmfC1fJsiTMs7FqeATpPKpvXFInHfwXMC4 explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ansible_id_rsa RSA SHA256:i9s/9B3nDrmfC1fJsiTMs7FqeATpPKpvXFInHfwXMC4 explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
Can someone tell me what all might I be doing wrong? I tried out the various things I found across similar threads but I couldn't get them to work.
PS: Had to remove parts of the -vvv log as it was getting marked as spam while posting the question
root and vagrant on your VM B. Please show the sshd log entries from your connection attempt on VM B.
~/.ssh. Also, did you restart SSH after changing configuration? sudo systemctl restart sshd.service
sudo ssh -i ansible_id_rsa [email protected] and I was able to ssh into VM B because I added the public key to authorized_keys while being user vagrant. But I still want to be able to access B with user root if possible instead of vagrant. I tried going to ~/.ssh in root but it doesn't seem to exist. Any idea how to get around this?
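Added example, not part of the original thread: sshd looks for authorized_keys under the home directory of the account named in the login (root in the failing command, not vagrant), and with StrictModes, which is on by default, it ignores the file if the home directory, .ssh or the file itself is group- or world-writable. The script below checks both conditions and creates the missing directory; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are illustrative.
# check_key HOME_DIR PUBKEY_FILE
#   HOME_DIR is the server-side home of the account named in "ssh user@host".
#   Returns 0 ok, 1 no authorized_keys, 2 unsafe mode, 3 key not listed.

loose() {   # true if the path is group- or world-writable (StrictModes rejects it)
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

check_key() {
    home=$1; pub=$2; ak="$home/.ssh/authorized_keys"
    [ -f "$ak" ] || { echo "missing: $ak"; return 1; }
    for p in "$home" "$home/.ssh" "$ak"; do
        if loose "$p"; then echo "unsafe mode: $p"; return 2; fi
    done
    blob=$(awk '{print $2; exit}' "$pub")    # base64 body of the .pub file
    awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) found = 1}
                      END {exit !found}' "$ak" \
        || { echo "key not listed in $ak"; return 3; }
    echo "ok: $ak"
}

# install_key HOME_DIR PUBKEY_FILE: create .ssh if absent and append the key.
# On a real host run it as the target account (root for /root) so ownership matches.
install_key() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    cat "$2" >> "$1/.ssh/authorized_keys" && chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed stand-in for VM B: vagrant has the key, root has no .ssh yet.
demo=$(mktemp -d)
mkdir -p "$demo/home/vagrant" "$demo/root"
chmod 755 "$demo/home/vagrant" "$demo/root"
echo "ssh-rsa AAAAB3CONSTRUCTEDSAMPLE ansible" > "$demo/ansible_id_rsa.pub"
install_key "$demo/home/vagrant" "$demo/ansible_id_rsa.pub"
check_key "$demo/home/vagrant" "$demo/ansible_id_rsa.pub" || true
check_key "$demo/root" "$demo/ansible_id_rsa.pub" || true    # root login fails here
install_key "$demo/root" "$demo/ansible_id_rsa.pub"
check_key "$demo/root" "$demo/ansible_id_rsa.pub" || true
rm -rf "$demo"
```

On the real VM B the home directories would be /home/vagrant and /root, and the sshd log on B records which of these checks failed for a rejected key.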