[HowTo] set up passwordless ssh

knezi · 24 July 2015 08:18

Hi there,
I have spent hours with configuring ssh passwordless.The problem is there is not support for RSA, so you have to use DSA instead:

local$ ssh-keygen -t dsa (then just hitting enter)
local$ ssh-copy-id osmc@ip-address

Then the following should work without prompt for password:

local$ ssh osmc@ip-address

If not, check that the permissions and the ownerships of directories, it should be like the following:

osmc@osmc:~$ ls -ld .
drwx------ 19 osmc osmc 4096 Jul 24 07:39 .
osmc@osmc:~$ ls -ld .ssh
drwx------ 2 osmc osmc 4096 Jul 24 08:07 .ssh
osmc@osmc:~$ ls -l .ssh/*
-rw------- 1 osmc osmc 2260 Jul 24 07:49 .ssh/authorized_keys

Note: DSA can be (read man ssh-keygen) just 1024 bits long, so it is not safety enough! The safety is similar to RSA while having the same length of keys, but RSA default today is 2048b. So do not use this if it is publicly accessible.

I just wonder why it is not supported. And anyway, why there is no rsyslog and man? If you want to see log of ssh, use:

sudo apt-get install rsyslog
sudo systemctl start rsyslog

It is then stored in /var/log/auth.conf.

Tested on RC3, RasPI 2, but should be platform independent.

fzinken · 24 July 2015 08:26

I am not sure why you assume that RSA is not supported on OSMC?
I generated the RSA key on my notebook, copied it to the OSMC box and have password less access using RSA keys.

knezi · 24 July 2015 08:33

Well, because I everything set with RSA and it did not work (I have been trying it for several hours), then just replaced with DSA and everything worked. I will look at it.
EDIT: confirming. If I delete DSA and leave RSA alone in .ssh, it needs passwd.
The weird thing is that the key is actually allowed, more in my /var/log/auth.log:

Jul 24 08:36:54 osmc sshd[3591]: debug1: matching key found: file /home/osmc/.ssh/authorized_keys, line 1 RSA 46:68:17:f3:90:2a:19:92:68:ee:4e:f1:33:78:f0:57
Jul 24 08:36:54 osmc sshd[3591]: debug1: restore_uid: 0/0
Jul 24 08:36:54 osmc sshd[3591]: debug3: mm_answer_keyallowed: key 0x7781bc98 is allowed
Jul 24 08:36:54 osmc sshd[3591]: debug3: mm_request_send entering: type 23
Jul 24 08:36:54 osmc sshd[3591]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
Jul 24 08:36:54 osmc sshd[3591]: Postponed publickey for osmc from 192.168.1.15 port 38720 ssh2 [preauth]

Ghosthree3 · 29 August 2015 07:26

RSA works fine for me too. Did your sshd_config somehow get changed to forbid RSA?

Turns out DSA just recently became deprecated too. Not sure when that update will come to OSMC and if it means removal of support.