Shared SSH keys not working

I’m trying to follow the directions in this guide. I have it working with other linux systems but osmc is still requiring a password when logging in with ssh.

I created the key on the machine I’m connecting from with:

ssh-keygen -t rsa

I copied the key to osmc with:

ssh-copy-id osmc@osmc

I’m prompted for a password and I enter it.

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'osmc@osmc'"
and check to make sure that only the key(s) you wanted were added.

Still I’m prompted for a password.

Did you edit sshd_config to enable key based authentication?

I haven’t. What needs to be edited?

# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	%h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
UseDNS no

I checked ~/.ssh/authorized_keys and the rsa key from my machine is in there.

Make sure that your .ssh directory is readable by user only, i.e.700 permissions.

chmod -R 700 ~/.ssh

Done. Didn’t fix the issue, though, if it was meant to.

Make sure the .ssh is 700 on both systems, the Pi and the system you are sshing from.

Your sshd_config looks OK to me.

Still no good. I compared the differences between the sshd_config files on a working machine (Kodibuntu) and not working (OSMC). These seems to be very few differences. I tried commenting out UseDNS in the OSMC config, but no change.

https://www.diffchecker.com/cqsffpep

osmc@osmc:~$ ssh -V
OpenSSH_6.7p1 Debian-5+deb8u1, OpenSSL 1.0.1k 8 Jan 2015
justin@nvidia:~$ ssh -V
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6, OpenSSL 1.0.1f 6 Jan 2014

Try using the -v option to ssh, that should help you see any errors.

ssh -v osmc@osmc

$ ssh -v 'osmc@osmc'
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to osmc [192.168.1.125] port 22.
debug1: Connection established.
debug1: identity file /home/justin/.ssh/id_rsa type 1
debug1: identity file /home/justin/.ssh/id_rsa-cert type -1
debug1: identity file /home/justin/.ssh/id_dsa type -1
debug1: identity file /home/justin/.ssh/id_dsa-cert type -1
debug1: identity file /home/justin/.ssh/id_ecdsa type -1
debug1: identity file /home/justin/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/justin/.ssh/id_ed25519 type -1
debug1: identity file /home/justin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f3:b4:4e:cc:4b:9c:d3:b4:a7:0c:5f:37:08:ca:35:fc
debug1: Host 'osmc' is known and matches the ECDSA host key.
debug1: Found key in /home/justin/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/justin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/justin/.ssh/id_dsa
debug1: Trying private key: /home/justin/.ssh/id_ecdsa
debug1: Trying private key: /home/justin/.ssh/id_ed25519
debug1: Next authentication method: password

You see any reason for it to fail?

justin@Pavilion ~ $ ls -al .ssh/
total 44
drwx------  2 justin justin 4096 Apr 11 19:28 .
drwxr-xr-x 33 justin justin 4096 Apr 11 16:08 ..
-rwx------  1 justin justin  668 Apr 11 19:27 id_dsa
-rwx------  1 justin justin  605 Apr 11 19:27 id_dsa.pub
-rwx------  1 justin justin  227 Apr 11 19:27 id_ecdsa
-rwx------  1 justin justin  177 Apr 11 19:27 id_ecdsa.pub
-rwx------  1 justin justin  411 Apr 11 19:27 id_ed25519
-rwx------  1 justin justin   97 Apr 11 19:27 id_ed25519.pub
-rwx------  1 justin justin 1675 Apr 11 18:12 id_rsa
-rwx------  1 justin justin  397 Apr 11 18:12 id_rsa.pub
-rwx------  1 justin justin 1332 Apr 10 15:40 known_hosts

On the Pi, check in the authorized_keys file and make sure that the key was properly added.

1 Like

Looks okay to me. Same as on the Kodibuntu box.

osmc@osmc:~$ cat .ssh/authorized_keys 
ssh-dss AAAAB3NzaC1kc3MAAACBAOjmqKRtb6PgCZnPnUZItLBwWVOCZbHTns2oDgrAlqt8jvns1R7AIAT/kKFv38R6fiMTa1WTl1NIvbVT4/kYn5Pzhod1wbKGhYjw4/cAho/zxW7ZooGY23dcr3kv6iQpdy6eNX64ItTdtWWilaiTwdQe/eAEntsDMssDRlHnpsJlAAAAFQDRsTGbFg2v6+PV/uFL2A+2xnuxEwAAAIEA2H918Aer/9cp/j81RKo3EeD5aB6GG4/8hxvnh65ALXkbmJ6RRyEpIHtDAi/LSJXX4jTPjXh+t59SVuJ2663v+FvMPjueyYd/bx7OwxNzgYFSpFpBYTHI561++91ahIik6H56dYKU1WORMZhhq7WQnba4Os04IKNvzgWeHET3jeMAAACAI5tmEao4ojP9/o7o2v/AIAWfd3m5mN1KWIVuupa9EXn0iIiFXTj+1rRIwt7+M93Pa/GWun7Uhh6caxdbrEWx1oRGpIxY3OelkUznBT8lBOlEsRnpUJUmfU4Cyl2OiVMX9ajxGjbft2D8+LcDgi19RlxzvbPByXVBf4zRJWeW9mM= justin@Pavilion
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC02rQfiBpknylBScYdr/EEgijHudBGyrRbVruk6KGOBm6PvKIiyGZwHFoaXp/CAmFJF/+LeWIcRJr0G3JkLD15608jgzL1eVuIcbNGVBKR2hmI78qknuiaejPUGFnPymlHIQMGO0sxCmr6RhXMeL/25LY9JHdEzcVY3vj8EuDeGifUPesr+DHoc1JfRDGANhett7F5QtAny9mWYZ/aLCWv89iAMkc782mn/sMbJkMymFqjwwgU0pEHXQV7AyaGBfq00N8VgDu3UO3b2gegLk2aWA9aSH4azF+2POcME2qXs96thfdy5GGPzJR3WsSpo9RG7s1l2poE2Rmk5GuXs4s1 justin@Pavilion
justin@Pavilion ~ $ cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC02rQfiBpknylBScYdr/EEgijHudBGyrRbVruk6KGOBm6PvKIiyGZwHFoaXp/CAmFJF/+LeWIcRJr0G3JkLD15608jgzL1eVuIcbNGVBKR2hmI78qknuiaejPUGFnPymlHIQMGO0sxCmr6RhXMeL/25LY9JHdEzcVY3vj8EuDeGifUPesr+DHoc1JfRDGANhett7F5QtAny9mWYZ/aLCWv89iAMkc782mn/sMbJkMymFqjwwgU0pEHXQV7AyaGBfq00N8VgDu3UO3b2gegLk2aWA9aSH4azF+2POcME2qXs96thfdy5GGPzJR3WsSpo9RG7s1l2poE2Rmk5GuXs4s1 justin@Pavilion
justin@Pavilion ~ $ cat .ssh/id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAOjmqKRtb6PgCZnPnUZItLBwWVOCZbHTns2oDgrAlqt8jvns1R7AIAT/kKFv38R6fiMTa1WTl1NIvbVT4/kYn5Pzhod1wbKGhYjw4/cAho/zxW7ZooGY23dcr3kv6iQpdy6eNX64ItTdtWWilaiTwdQe/eAEntsDMssDRlHnpsJlAAAAFQDRsTGbFg2v6+PV/uFL2A+2xnuxEwAAAIEA2H918Aer/9cp/j81RKo3EeD5aB6GG4/8hxvnh65ALXkbmJ6RRyEpIHtDAi/LSJXX4jTPjXh+t59SVuJ2663v+FvMPjueyYd/bx7OwxNzgYFSpFpBYTHI561++91ahIik6H56dYKU1WORMZhhq7WQnba4Os04IKNvzgWeHET3jeMAAACAI5tmEao4ojP9/o7o2v/AIAWfd3m5mN1KWIVuupa9EXn0iIiFXTj+1rRIwt7+M93Pa/GWun7Uhh6caxdbrEWx1oRGpIxY3OelkUznBT8lBOlEsRnpUJUmfU4Cyl2OiVMX9ajxGjbft2D8+LcDgi19RlxzvbPByXVBf4zRJWeW9mM= justin@Pavilion

(I’ll create new keys after I get this working. )

Wipe out the authorized_keys file on the Pi, and copy your key over again.

Also, for more verbose output from ssh (may help you track down what’s failing)

ssh -vvv osmc@osmc

Wiped and re-copied.

justin@Pavilion ~ $ ssh -vvv 'osmc@osmc'
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to osmc [192.168.1.125] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/justin/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/justin/.ssh/id_rsa type 1
debug1: identity file /home/justin/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/justin/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/justin/.ssh/id_dsa type 2
debug1: identity file /home/justin/.ssh/id_dsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/justin/.ssh/id_ecdsa" as a RSA1 public key
debug1: identity file /home/justin/.ssh/id_ecdsa type 3
debug1: identity file /home/justin/.ssh/id_ecdsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/justin/.ssh/id_ed25519" as a RSA1 public key
debug1: identity file /home/justin/.ssh/id_ed25519 type 4
debug1: identity file /home/justin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "osmc" from file "/home/justin/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/justin/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-sha1-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug2: mac_setup: setup hmac-sha1-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f3:b4:4e:cc:4b:9c:d3:b4:a7:0c:5f:37:08:ca:35:fc
debug3: load_hostkeys: loading entries for host "osmc" from file "/home/justin/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/justin/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.1.125" from file "/home/justin/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/justin/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'osmc' is known and matches the ECDSA host key.
debug1: Found key in /home/justin/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/justin/.ssh/id_dsa (0x7f3fe46116d0),
debug2: key: /home/justin/.ssh/id_rsa (0x7f3fe4611630),
debug2: key: /home/justin/.ssh/id_ecdsa (0x7f3fe4612070),
debug2: key: /home/justin/.ssh/id_ed25519 (0x7f3fe4612720),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/justin/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /home/justin/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering ECDSA public key: /home/justin/.ssh/id_ecdsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering ED25519 public key: /home/justin/.ssh/id_ed25519
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
osmc@osmc's password: 

I’m not sure where to go from here. Everything seems OK to me. One final thing to try (I don’t think it will make a difference), but get rid of you id_dsa file (just rename it).

Yeah, I’m stumped too. It should be working. Everything seems to be set up correctly.

I got rid of all the keys except the id_rsa and id_rsa.pub.

So this is where I’m at now:

justin@Pavilion ~ $ ssh -vvv 'osmc@osmc'
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to osmc [192.168.1.125] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/justin/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/justin/.ssh/id_rsa type 1
debug1: identity file /home/justin/.ssh/id_rsa-cert type -1
debug1: identity file /home/justin/.ssh/id_dsa type -1
debug1: identity file /home/justin/.ssh/id_dsa-cert type -1
debug1: identity file /home/justin/.ssh/id_ecdsa type -1
debug1: identity file /home/justin/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/justin/.ssh/id_ed25519 type -1
debug1: identity file /home/justin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "osmc" from file "/home/justin/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/justin/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-sha1-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug2: mac_setup: setup hmac-sha1-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f3:b4:4e:cc:4b:9c:d3:b4:a7:0c:5f:37:08:ca:35:fc
debug3: load_hostkeys: loading entries for host "osmc" from file "/home/justin/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/justin/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.1.125" from file "/home/justin/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/justin/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'osmc' is known and matches the ECDSA host key.
debug1: Found key in /home/justin/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/justin/.ssh/id_rsa (0x7fa4b2a51630),
debug2: key: /home/justin/.ssh/id_dsa ((nil)),
debug2: key: /home/justin/.ssh/id_ecdsa ((nil)),
debug2: key: /home/justin/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/justin/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/justin/.ssh/id_dsa
debug3: no such identity: /home/justin/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/justin/.ssh/id_ecdsa
debug3: no such identity: /home/justin/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/justin/.ssh/id_ed25519
debug3: no such identity: /home/justin/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
osmc@osmc's password: 

Double check the permissions on .ssh and the files under ssh on the Pi. If the directory is not 700, and the files not 600 (or 700) you will be prompted for a password. As a test i did chmod 777 ~/.ssh/* and I get the exact same output from ssh -vvv as you are getting.

sudo journalctl to check any issues being displayed or grab-logs -J so that we can check

http://paste.osmc.io/gepizunofo

Apr 11 20:09:05 osmc sshd[2710]: Authentication refused: bad ownership or modes for directory /home/osmc

What’s the proper permissions for this directory?

osmc@osmc:/home$ ls -al
total 12
drwxr-xr-x  3 root root 4096 Dec 31  1969 .
drwxr-xr-x 24 root root 4096 Dec  4 07:54 ..
drwxrwxrwx 26 osmc osmc 4096 Apr 11 18:04 osmc

Edit: Changing my home directory permissions with chmod 755 /home/osmc/ fixed it.

As I said at the start, check your permissions on ~osmc/.ssh it MUST be 700! Also authorized_keys must be 700 or 600.

It was my home directory, not .ssh that had the wrong permissions. I changed it to 755 and it’s working now.

Also, thanks for all your time, guys. I’m feeling like a complete newb.