problems ssh'ing without using a password to host

Question

I am trying to log into a Netgear ReadyNAS 314 NAS via ssh. I have set up ssh and copied over the appropriate files:

drw------- 1 jordan users 176 Aug 30 23:42 .ssh

and inside .ssh:

drwx------ 1 jordan users    34 Aug 30 23:31 ..
-rw------- 1 jordan users   395 Aug 30 23:32 authorized_keys
drwx------ 1 jordan users    32 Aug 30 23:32 github
-rwx------ 1 jordan users   395 Aug 30 23:32 id_rsa.pub
-rwx------ 1 jordan users  1675 Aug 30 23:32 id_rsa
-rwx------ 1 jordan users  1089 Aug 30 23:32 config
-rw------- 1 jordan users 20625 Aug 30 23:32 known_hosts
-rw------- 1 jordan users     0 Aug 30 23:42 ssh_authorized_keys

Here is my /etc/sshd/sshd_config file (note that for some reason the first line reads "Do not edit"):

# Do not edit.
Protocol 2
Port 22
#ListenAddress ::
#ListenAddress 0.0.0.0
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
# Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/ssh_authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

When I run /usr/sbin/sshd -d I get the following:

root@andraia:/home/jordan# /usr/sbin/sshd -d
debug1: Config token is protocol
debug1: Config token is port
debug1: Config token is hostkey
debug1: Config token is hostkey
debug1: Config token is hostkey
debug1: Config token is useprivilegeseparation
debug1: Config token is keyregenerationinterval
debug1: Config token is serverkeybits
debug1: Config token is syslogfacility
debug1: Config token is loglevel
debug1: Config token is logingracetime
debug1: Config token is permitrootlogin
debug1: Config token is strictmodes
debug1: Config token is rsaauthentication
debug1: Config token is pubkeyauthentication
debug1: Config token is authorizedkeysfile
debug1: Config token is ignorerhosts
debug1: Config token is rhostsrsaauthentication
debug1: Config token is hostbasedauthentication
debug1: Config token is permitemptypasswords
debug1: Config token is challengeresponseauthentication
debug1: Config token is passwordauthentication
debug1: Config token is x11forwarding
debug1: Config token is x11displayoffset
debug1: Config token is printmotd
debug1: Config token is printlastlog
debug1: Config token is tcpkeepalive
debug1: Config token is acceptenv
debug1: Config token is subsystem
debug1: Config token is usepam
debug1: HPN Buffer Size: 87380
debug1: sshd version OpenSSH_6.7, OpenSSL 1.0.1t  3 May 2016
debug1: private host key: #0 type 1 RSA
debug1: private host key: #1 type 2 DSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 87380
debug1: HPN Buffer Size: 87380
Server listening on 0.0.0.0 port 22.

And when I try to connect I get this:

debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: HPN Disabled: 0, HPN Buffer Size: 87380
Connection from <client-ip> port 55314 on <host-ip> port 22
debug1: Client protocol version 2.0; client software version OpenSSH_8.9p1 Ubuntu-3
SSH: Server;Ltype: Version;Remote: <client-ip>-55314;Protocol: 2.0;Client: OpenSSH_8.9p1 Ubuntu-3
debug1: Remote is NON-HPN aware
debug1: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x24000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1-hpn14v5 Debian-5+deb8u7.netgear1
debug1: permanently_set_uid: 82/99 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: AUTH STATE IS 0 [preauth]
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com' [preauth]
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none [preauth]
SSH: Server;Ltype: Kex;Remote: <client-ip>-55314;Enc: chacha20-poly1305@openssh.com;MAC: (null);Comp: none [preauth]
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com' [preauth]
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user jordan service ssh-connection method none [preauth]
SSH: Server;Ltype: Authname;Remote: <client-ip>-55314;Name: jordan [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: Config token is protocol
debug1: Config token is port
debug1: Config token is hostkey
debug1: Config token is hostkey
debug1: Config token is hostkey
debug1: Config token is useprivilegeseparation
debug1: Config token is keyregenerationinterval
debug1: Config token is serverkeybits
debug1: Config token is syslogfacility
debug1: Config token is loglevel
debug1: Config token is logingracetime
debug1: Config token is permitrootlogin
debug1: Config token is strictmodes
debug1: Config token is rsaauthentication
debug1: Config token is pubkeyauthentication
debug1: Config token is authorizedkeysfile
debug1: Config token is ignorerhosts
debug1: Config token is rhostsrsaauthentication
debug1: Config token is hostbasedauthentication
debug1: Config token is permitemptypasswords
debug1: Config token is challengeresponseauthentication
debug1: Config token is passwordauthentication
debug1: Config token is x11forwarding
debug1: Config token is x11displayoffset
debug1: Config token is printmotd
debug1: Config token is printlastlog
debug1: Config token is tcpkeepalive
debug1: Config token is acceptenv
debug1: Config token is subsystem
debug1: Config token is usepam
debug1: PAM: initializing for "jordan"
debug1: PAM: setting PAM_RHOST to "surfer"
debug1: PAM: setting PAM_TTY to "ssh"

I know the key files are good as I use them on other hosts and have done this a bajillion times. There is something else going on that I am missing...

You shouldn't copy `id_rsa*` files there. `id_rsa.pub` contents need to be in `authorized_keys`. — Tero Kilkanen, Aug 31 '22 at 15:24

score 0 · Answer 1 · answered Aug 31 '22 at 12:38

0

The access on your files are not correct. Remove the Xecutable flag from all of your files.

answered Aug 31 '22 at 12:38

yield

731
1
8
24

removing the x flag does nothing – jordanthompson Aug 31 '22 at 16:32
I just found that I am able to ssh from other (Debian) hosts to the NAS (Debian), but not from my laptop (Windows 11 WSL2-Debian) using identical copies of the .ssh files! I am able to ssh from WSL2 to all of my other hosts! I've never had this issue going from my laptop before – jordanthompson Sep 01 '22 at 00:24

score 0 · Answer 2 · answered Sep 01 '22 at 01:13

I believe that since the NAS is old, the encryption methods are out of date and for whatever reason my other hosts are OK with that, but WSL2 is not. I tried to update the OS, but even that failed:

jordan@andraia:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up nfs-kernel-server (1:1.2.8-9+deb8u1) ...
update-rc.d: error: initscript does not exist: /etc/init.d/nfs-kernel-server
dpkg: error processing package nfs-kernel-server (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 nfs-kernel-server
E: Sub-process /usr/bin/dpkg returned an error code (1)

I added the following to my /etc/ssh/ssh_config:

PubkeyAcceptedKeyTypes ssh-rsa

and now I am able to ssh to the NAS from my WSL2 environment without a password (and connecting to my other hosts works fine as well).

problems ssh'ing without using a password to host

2 Answers2