SSH Public Key Authentication

I've been having trouble trying to authenticate my macbook air client using ssh to connect to my Raspberry Pi server. Are there any suggestions as to why this isn't working?

Things I've tried:

Created an ssh key and copied the public key to the server's ~/.ssh/authorized_keys folder
Enabled port forwarding to port 777 (using that port for SSH)
Set up permissions on my server for the ~/.ssh and ~/.ssh/* folders
Enabled RSAAuthentication and PubkeyAuthentication in my server's /etc/ssh/sshd_config file

Logs on the client side:

>>> ssh -vvv -i ~/.ssh/id_rsa pi@raspberrypi.local
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to raspberrypi.local [192.168.0.13] port 777.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/addie/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/addie/.ssh/id_rsa type 1
debug1: identity file /Users/addie/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [raspberrypi.local]:777
debug3: load_hostkeys: loading entries for host "[raspberrypi.local]:777" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 503/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 32:b0:3a:60:39:3c:38:9b:35:33:b7:80:d6:06:37:a9
debug3: put_host_port: [192.168.0.13]:777
debug3: put_host_port: [raspberrypi.local]:777
debug3: load_hostkeys: loading entries for host "[raspberrypi.local]:777" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "[192.168.0.13]:777" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: checking without port identifier
debug3: load_hostkeys: loading entries for host "raspberrypi.local" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/addie/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.0.13" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/addie/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'raspberrypi.local' is known and matches the RSA host key.
debug1: Found key in /Users/addie/.ssh/known_hosts:4
debug1: found matching key w/out port
debug2: bits set: 505/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/addie/.ssh/id_rsa (0x7fe36a415cd0), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/addie/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

Logs on the server side:

>>> cat /var/log/auth.log
sshd[4115]: User pi authorized keys /home/pi/.ssh/authorized_keys is not a regular file
sshd[4115]: Connection closed by 192.168.0.5

Addie

Posted 2015-10-11T07:26:43.950

Reputation: 133

Something seems to be wrong with the authorized_keys file. Could you show us the result of ls -l /home/pi/.ssh/authorized_keys – Thomas Weinbrenner – 2015-10-11T07:45:33.793

Here's the output. I have two public keys in there, one from my mac and one from my iPhone: -rw------- 1 pi pi 743 Oct 11 05:42 id_rsa.pub -rw------- 1 pi pi 725 Oct 2 18:51 ios_id_rsa.pub – Addie – 2015-10-11T07:48:27.300

no, run the required command, to see how the file looks. – Jakuje – 2015-10-11T07:54:42.170

Thanks I've made this change, but I'm still getting the Permission denied (publickey). error. – Addie – 2015-10-11T08:19:51.013

What is /var/log/auth.log saying now? – Thomas Weinbrenner – 2015-10-11T08:21:18.340

This is the new error: input_userauth_request: invalid user addie [preauth] – Addie – 2015-10-11T08:23:15.760

autorized_keys should be -rw------- (chmod 600), do not forget -l pi – Archemar – 2015-10-11T08:26:43.187

2Did you try login in with the wrong username? Did you use ssh raspberrypi.local or ssh pi@raspberrypi.local? – Thomas Weinbrenner – 2015-10-11T08:27:30.530

I believe it's right. I used: ssh pi@raspberrypi.local – Addie – 2015-10-11T08:35:34.710

I tried to ssh a few more times and for some reason am no longer seeing the invalid user error. All I see now is Connection closed by 192.168.0.5 [preauth] – Addie – 2015-10-11T08:40:39.490

@Addie you are trying to login with your local username (addie). You need to tell ssh to login with pi user with either ssh pi@raspberrypi.local or ssh -l pi raspberrypi.local. – Alvaro Gutierrez Perez – 2015-10-11T15:40:35.623

@ÁlvaroGutiérrez As I wrote above, I've been trying to ssh in using ssh pi@raspberrypi.local to no avail. The client still gives me the error Permission denied (publickey). There is no error now coming from the server side other than Connection closed by 192.168.0.5 [preauth] – Addie – 2015-10-11T15:44:49.217