SSH passwordless access not working : Forums : PythonAnywhere

SSH passwordless access not working

I'm having trouble gaining passwordless access to the Python Anywhere console using a public/private key pair. I have followed the instructions in the tutorial but I am still being prompted for my password when I try to connect.

Here is what I'm doing in my terminal:

MacBook-Pro-3:.ssh joseph$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/Users/joseph/.ssh/id_ecdsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/joseph/.ssh/id_ecdsa
Your public key has been saved in /Users/joseph/.ssh/id_ecdsa.pub
The key fingerprint is:
SHA256:Kc2/cEf3lu4Gt7luLvsaNMi97VnEV5ZAi3YlAC2C0UU joseph@MacBook-Pro-3.local
The key's randomart image is:
+---[ECDSA 256]---+
|     .+ oEo.o+ . |
|     . o . .. = .|
|        . .o o .o|
|       o .o +  o.|
|      . S  o.+. +|
|       . . ..o++o|
|        . o .ooo*|
|         o o .+*o|
|          .  o@X.|
+----[SHA256]-----+
MacBook-Pro-3:.ssh joseph$ ssh-copy-id -i id_ecdsa Legroom6828@ssh.pythonanywhere.com  
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_ecdsa.pub"
The authenticity of host 'ssh.pythonanywhere.com (23.21.200.247)' can't be established.
RSA key fingerprint is SHA256:zy2jmqxNg/fs6tFZK55OjHTI3B2UofzOiUvTPtcX3/Y.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
<<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess
Legroom6828@ssh.pythonanywhere.com's password:

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'Legroom6828@ssh.pythonanywhere.com'"
and check to make sure that only the key(s) you wanted were added.

MacBook-Pro-3:.ssh joseph$ cat id_ecdsa.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNoEniqAVfwJ9PixJSdT8qb+H4NcgC0Q5yLik4JWds/mFThM2+nJtghxdACxqGS02J9ed7jfvX9dC9dkz2a/jr4= joseph@MacBook-Pro-3.local
MacBook-Pro-3:.ssh joseph$

Here is what my .ssh folder on Python Anywhere is showing.

01:25 ~/.ssh $ ls
authorized_keys                                                                                                                                             
01:25 ~/.ssh $ cat authorized_keys                                                                                                                          
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNoEniqAVfwJ9PixJSdT8qb+H4NcgC0Q5yLik4JWds/mFThM2+nJtghxdACxqGS02J9ed7jfvX9dC9dkz2a/
jr4= joseph@MacBook-Pro-3.local                                                                                                                             
01:25 ~/.ssh $

What am I doing wrong?

Legroom6828 | 9 posts | Dec. 31, 2022, 1:30 a.m. | permalink

Can you show the output of ssh Legroom6828@ssh.pythonanywhere.com -v run from your local machine?

pafk | 2973 posts | PythonAnywhere staff | Dec. 31, 2022, 11:22 a.m. | permalink

@pafk, here is the output.

MacBook-Pro-3:~ joseph$ ssh Legroom6828@ssh.pythonanywhere.com -v
        OpenSSH_8.6p1, LibreSSL 3.3.6
        debug1: Reading configuration data /etc/ssh/ssh_config
        debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
        debug1: /etc/ssh/ssh_config line 54: Applying options for *
        debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
        debug1: Connecting to ssh.pythonanywhere.com port 22.
        debug1: Connection established.
        debug1: identity file /Users/joseph/.ssh/id_rsa type -1
        debug1: identity file /Users/joseph/.ssh/id_rsa-cert type -1
        debug1: identity file /Users/joseph/.ssh/id_dsa type -1
        debug1: identity file /Users/joseph/.ssh/id_dsa-cert type -1
        debug1: identity file /Users/joseph/.ssh/id_ecdsa type 2
        debug1: identity file /Users/joseph/.ssh/id_ecdsa-cert type -1
        debug1: identity file /Users/joseph/.ssh/id_ecdsa_sk type -1
        debug1: identity file /Users/joseph/.ssh/id_ecdsa_sk-cert type -1
        debug1: identity file /Users/joseph/.ssh/id_ed25519 type -1
        debug1: identity file /Users/joseph/.ssh/id_ed25519-cert type -1
        debug1: identity file /Users/joseph/.ssh/id_ed25519_sk type -1
        debug1: identity file /Users/joseph/.ssh/id_ed25519_sk-cert type -1
        debug1: identity file /Users/joseph/.ssh/id_xmss type -1
        debug1: identity file /Users/joseph/.ssh/id_xmss-cert type -1
        debug1: Local version string SSH-2.0-OpenSSH_8.6
        debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
        debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000
        debug1: Authenticating to ssh.pythonanywhere.com:22 as 'Legroom6828'
        debug1: load_hostkeys: fopen /Users/joseph/.ssh/known_hosts2: No such file or directory
        debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
        debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
        debug1: SSH2_MSG_KEXINIT sent
        debug1: SSH2_MSG_KEXINIT received
        debug1: kex: algorithm: curve25519-sha256
        debug1: kex: host key algorithm: rsa-sha2-512
        debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
        debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
        debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
        debug1: SSH2_MSG_KEX_ECDH_REPLY received
        debug1: Server host key: ssh-rsa SHA256:zy2jmqxNg/fs6tFZK55OjHTI3B2UofzOiUvTPtcX3/Y
        debug1: load_hostkeys: fopen /Users/joseph/.ssh/known_hosts2: No such file or directory
        debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
        debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
        debug1: Host 'ssh.pythonanywhere.com' is known and matches the RSA host key.
        debug1: Found key in /Users/joseph/.ssh/known_hosts:1
        debug1: rekey out after 134217728 blocks
        debug1: SSH2_MSG_NEWKEYS sent
        debug1: expecting SSH2_MSG_NEWKEYS
        debug1: SSH2_MSG_NEWKEYS received
        debug1: rekey in after 134217728 blocks
        debug1: Will attempt key: j.b@edu ED25519 SHA256:dZwLX4JCfeL8GQyG2ZrrZwKQ7n5EI3Ij+AYfnhtzS0k agent
        debug1: Will attempt key: /Users/joseph/.ssh/id_rsa 
        debug1: Will attempt key: /Users/joseph/.ssh/id_dsa 
        debug1: Will attempt key: /Users/joseph/.ssh/id_ecdsa ECDSA SHA256:Kc2/cEf3lu4Gt7luLvsaNMi97VnEV5ZAi3YlAC2C0UU
        debug1: Will attempt key: /Users/joseph/.ssh/id_ecdsa_sk 
        debug1: Will attempt key: /Users/joseph/.ssh/id_ed25519 
        debug1: Will attempt key: /Users/joseph/.ssh/id_ed25519_sk 
        debug1: Will attempt key: /Users/joseph/.ssh/id_xmss 
        debug1: SSH2_MSG_EXT_INFO received
        debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
        debug1: SSH2_MSG_SERVICE_ACCEPT received
        <<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess
        debug1: Authentications that can continue: publickey,password
        debug1: Next authentication method: publickey
        debug1: Offering public key: j.b@edu ED25519 SHA256:dZwLX4JCfeL8GQyG2ZrrZwKQ7n5EI3Ij+AYfnhtzS0k agent
        debug1: Authentications that can continue: publickey,password
        debug1: Trying private key: /Users/joseph/.ssh/id_rsa
        debug1: Trying private key: /Users/joseph/.ssh/id_dsa
        debug1: Offering public key: /Users/joseph/.ssh/id_ecdsa ECDSA SHA256:Kc2/cEf3lu4Gt7luLvsaNMi97VnEV5ZAi3YlAC2C0UU
        debug1: Authentications that can continue: publickey,password
        debug1: Trying private key: /Users/joseph/.ssh/id_ecdsa_sk
        debug1: Trying private key: /Users/joseph/.ssh/id_ed25519
        debug1: Trying private key: /Users/joseph/.ssh/id_ed25519_sk
        debug1: Trying private key: /Users/joseph/.ssh/id_xmss
        debug1: Next authentication method: password
        Legroom6828@ssh.pythonanywhere.com's password: 
        debug1: Authentication succeeded (password).
        Authenticated to ssh.pythonanywhere.com ([23.21.200.247]:22).
        debug1: channel 0: new [client-session]
        debug1: Requesting no-more-sessions@openssh.com
        debug1: Entering interactive session.
        debug1: pledge: filesystem full
        debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
        debug1: client_input_hostkeys: searching /Users/joseph/.ssh/known_hosts for ssh.pythonanywhere.com / (none)
        debug1: client_input_hostkeys: searching /Users/joseph/.ssh/known_hosts2 for ssh.pythonanywhere.com / (none)
        debug1: client_input_hostkeys: hostkeys file /Users/joseph/.ssh/known_hosts2 does not exist
        debug1: client_input_hostkeys: no new or deprecated keys from server
        debug1: Sending environment.
        debug1: channel 0: setting env LANG = "en_US.UTF-8"
        22:22 ~ $

Legroom6828 | 9 posts | Dec. 31, 2022, 10:31 p.m. | permalink

What if you try to do other keys like id_rsa?

fjl | 4352 posts | PythonAnywhere staff | Jan. 1, 2023, 6:57 p.m. | permalink

Here is my attempt with using an rsa key. I'm authenticating to GitHub using SSH without a password just fine. Could something be wrong on PA's end?

MacBook-Pro-3:.ssh joseph$ ssh-keygen -t rsa 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/Users/joseph/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /Users/joseph/.ssh/id_rsa
    Your public key has been saved in /Users/joseph/.ssh/id_rsa.pub
    The key fingerprint is:
    SHA256:2ePZdsziyl7flijzedvO5BPAlSRd7rgIuUZ6AIxx7dI joseph@MacBook-Pro-3.local
    The key's randomart image is:
    +---[RSA 3072]----+
    |    . ..     .o.+|
    |     =  .     .= |
    |    . oo    . . .|
    |      ..Eo . o o |
    |       .S *   o .|
    |         = * + o |
    |        . * * * +|
    |         + * =.Oo|
    |         .+.=oo+O|
    +----[SHA256]-----+
    MacBook-Pro-3:.ssh joseph$ ssh-copy-id -i id_rsa Legroom6828@ssh.pythonanywhere.com  
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    <<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess
    Legroom6828@ssh.pythonanywhere.com's password:

    Number of key(s) added:        1

    Now try logging into the machine, with:   "ssh 'Legroom6828@ssh.pythonanywhere.com'"
    and check to make sure that only the key(s) you wanted were added.

    MacBook-Pro-3:.ssh joseph$ ssh Legroom6828@ssh.pythonanywhere.com -v 
    OpenSSH_8.6p1, LibreSSL 3.3.6
    debug1: Reading configuration data /Users/joseph/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
    debug1: /etc/ssh/ssh_config line 54: Applying options for *
    debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
    debug1: Connecting to ssh.pythonanywhere.com port 22.
    debug1: Connection established.
    debug1: identity file /Users/joseph/.ssh/id_rsa type 0
    debug1: identity file /Users/joseph/.ssh/id_rsa-cert type -1
    debug1: identity file /Users/joseph/.ssh/id_dsa type -1
    debug1: identity file /Users/joseph/.ssh/id_dsa-cert type -1
    debug1: identity file /Users/joseph/.ssh/id_ecdsa type -1
    debug1: identity file /Users/joseph/.ssh/id_ecdsa-cert type -1
    debug1: identity file /Users/joseph/.ssh/id_ecdsa_sk type -1
    debug1: identity file /Users/joseph/.ssh/id_ecdsa_sk-cert type -1
    debug1: identity file /Users/joseph/.ssh/id_ed25519 type 3
    debug1: identity file /Users/joseph/.ssh/id_ed25519-cert type -1
    debug1: identity file /Users/joseph/.ssh/id_ed25519_sk type -1
    debug1: identity file /Users/joseph/.ssh/id_ed25519_sk-cert type -1
    debug1: identity file /Users/joseph/.ssh/id_xmss type -1
    debug1: identity file /Users/joseph/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.6
    debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
    debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to ssh.pythonanywhere.com:22 as 'Legroom6828'
    debug1: load_hostkeys: fopen /Users/joseph/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: rsa-sha2-512
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: ssh-rsa SHA256:zy2jmqxNg/fs6tFZK55OjHTI3B2UofzOiUvTPtcX3/Y
    debug1: load_hostkeys: fopen /Users/joseph/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: Host 'ssh.pythonanywhere.com' is known and matches the RSA host key.
    debug1: Found key in /Users/joseph/.ssh/known_hosts:1
    debug1: rekey out after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 134217728 blocks
    debug1: Will attempt key: j.b@edu ED25519 SHA256:dZwLX4JCfeL8GQyG2ZrrZwKQ7n5EI3Ij+AYfnhtzS0k agent
    debug1: Will attempt key: /Users/joseph/.ssh/id_rsa RSA SHA256:2ePZdsziyl7flijzedvO5BPAlSRd7rgIuUZ6AIxx7dI
    debug1: Will attempt key: /Users/joseph/.ssh/id_dsa 
    debug1: Will attempt key: /Users/joseph/.ssh/id_ecdsa 
    debug1: Will attempt key: /Users/joseph/.ssh/id_ecdsa_sk 
    debug1: Will attempt key: /Users/joseph/.ssh/id_ed25519 ED25519 SHA256:0bIC9n1O/HOjqwEMymLeMduPx71oaV22XW1MA0wFjGo
    debug1: Will attempt key: /Users/joseph/.ssh/id_ed25519_sk 
    debug1: Will attempt key: /Users/joseph/.ssh/id_xmss 
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    <<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering public key: j.b@edu ED25519 SHA256:dZwLX4JCfeL8GQyG2ZrrZwKQ7n5EI3Ij+AYfnhtzS0k agent
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: /Users/joseph/.ssh/id_rsa RSA SHA256:2ePZdsziyl7flijzedvO5BPAlSRd7rgIuUZ6AIxx7dI
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /Users/joseph/.ssh/id_dsa
    debug1: Trying private key: /Users/joseph/.ssh/id_ecdsa
    debug1: Trying private key: /Users/joseph/.ssh/id_ecdsa_sk
    debug1: Offering public key: /Users/joseph/.ssh/id_ed25519 ED25519 SHA256:0bIC9n1O/HOjqwEMymLeMduPx71oaV22XW1MA0wFjGo
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /Users/joseph/.ssh/id_ed25519_sk
    debug1: Trying private key: /Users/joseph/.ssh/id_xmss
    debug1: Next authentication method: password
    Legroom6828@ssh.pythonanywhere.com's password: 
    debug1: Authentication succeeded (password).
    Authenticated to ssh.pythonanywhere.com ([23.21.200.247]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: pledge: filesystem full
    debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
    debug1: client_input_hostkeys: searching /Users/joseph/.ssh/known_hosts for ssh.pythonanywhere.com / (none)
    debug1: client_input_hostkeys: searching /Users/joseph/.ssh/known_hosts2 for ssh.pythonanywhere.com / (none)
    debug1: client_input_hostkeys: hostkeys file /Users/joseph/.ssh/known_hosts2 does not exist
    debug1: client_input_hostkeys: no new or deprecated keys from server
    debug1: Sending environment.
    debug1: channel 0: setting env LANG = "en_US.UTF-8"
    00:02 ~ $

Legroom6828 | 9 posts | Jan. 2, 2023, 12:06 a.m. | permalink

Try creating an ssh-rsa key and using that instead of the straight rsa key.

glenn | 9498 posts | PythonAnywhere staff | Jan. 2, 2023, 4:10 p.m. | permalink

Is this what you're asking me to do?

ssh-keygen -t ssh-rsa

I'm not sure if I understand.

Legroom6828 | 9 posts | Jan. 2, 2023, 6:05 p.m. | permalink

Yes, it is.

glenn | 9498 posts | PythonAnywhere staff | Jan. 2, 2023, 6:58 p.m. | permalink

Here is the result:

MacBook-Pro-3:~ joseph$ ssh-keygen -t ssh-rsa
Generating public/private ssh-rsa key pair.
Enter file in which to save the key (/Users/joseph/.ssh/id_rsa): 
/Users/joseph/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/joseph/.ssh/id_rsa
Your public key has been saved in /Users/joseph/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:XCZk+7XiH1j69v+i0JGEBNxmA91wVzjueUdQYFqn9Y8 joseph@MacBook-Pro-3.local
The key's randomart image is:
+---[RSA 3072]----+
|       .==oo. ===|
|       o.o*o.=++.|
|        oo+.+..o.|
|       . = o o..o|
|        S o =.Eo.|
|         . * .o o|
|          = o  ..|
|           +...  |
|           .+o.o+|
+----[SHA256]-----+
MacBook-Pro-3:~ joseph$ ssh-copy-id 'Legroom6828@ssh.pythonanywhere.com'
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/joseph/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
<<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess
Legroom6828@ssh.pythonanywhere.com's password:

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'Legroom6828@ssh.pythonanywhere.com'"
and check to make sure that only the key(s) you wanted were added.

MacBook-Pro-3:~ joseph$ ssh 'Legroom6828@ssh.pythonanywhere.com'
<<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess
Legroom6828@ssh.pythonanywhere.com's password: 
03:18 ~ $

Legroom6828 | 9 posts | Jan. 5, 2023, 3:19 a.m. | permalink

Could you send the output of ssh-ing in with -vvv?

glenn | 9498 posts | PythonAnywhere staff | Jan. 5, 2023, 11:17 a.m. | permalink