SSH passwordless access not working

Hey, I can't get passwordless ssh access working.

I tried ssh-copy-id wobble@ssh.pythonanywhere.com, which seemed to work. Authorised_keys has updated, and in fact now has 2 copies of my 2 keys (since I tried it a second time).

When I try to ssh in, I get the below:

debug1: Server host key: ssh-rsa SHA256:zy2jmqxNg/fs6tFZK55OjHTI3B2UofzOiUvTPtcX3/Y  
debug1: Host 'ssh.pythonanywhere.com' is known and matches the RSA host key.  
debug1: Found key in /home/brook/.ssh/known_hosts:20  
debug1: rekey out after 134217728 blocks  
debug1: SSH2_MSG_NEWKEYS sent  
debug1: expecting SSH2_MSG_NEWKEYS  
debug1: SSH2_MSG_NEWKEYS received  
debug1: rekey in after 134217728 blocks  
debug1: Will attempt key: /home/brook/.ssh/id_ed25519 ED25519   SHA256:YcCaQsQQkQlXDMRXJYno1koQRKIah8G/dwDtHxhB0Ss agent  
debug1: Will attempt key: /home/brook/.ssh/id_rsa RSA   SHA256:KSzWhR6YI2Kar8m8B2X4bQ9s7eO8KReGlMMAZ5o664Q agent  
debug1: Will attempt key: /home/brook/.ssh/id_dsa   
debug1: Will attempt key: /home/brook/.ssh/id_ecdsa   
debug1: Will attempt key: /home/brook/.ssh/id_ecdsa_sk   
debug1: Will attempt key: /home/brook/.ssh/id_ed25519_sk   
debug1: Will attempt key: /home/brook/.ssh/id_xmss   
debug1: SSH2_MSG_EXT_INFO received  
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>  
debug1: SSH2_MSG_SERVICE_ACCEPT received  
<<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess  
debug1: Authentications that can continue: publickey,password  
debug1: Next authentication method: publickey  
debug1: Offering public key: /home/brook/.ssh/id_ed25519 ED25519   SHA256:YcCaQsQQkQlXDMRXJYno1koQRKIah8G/dwDtHxhB0Ss agent  
debug1: Authentications that can continue: publickey,password  
debug1: Offering public key: /home/brook/.ssh/id_rsa RSA   SHA256:KSzWhR6YI2Kar8m8B2X4bQ9s7eO8KReGlMMAZ5o664Q agent  
debug1: Authentications that can continue: publickey,password  
debug1: Trying private key: /home/brook/.ssh/id_dsa  
debug1: Trying private key: /home/brook/.ssh/id_ecdsa  
debug1: Trying private key: /home/brook/.ssh/id_ecdsa_sk  
debug1: Trying private key: /home/brook/.ssh/id_ed25519_sk  
debug1: Trying private key: /home/brook/.ssh/id_xmss  
debug1: Next authentication method: password

[formatted by admin]

I have the same issue. Recently set up a new pythonanywhere server and got the same problem. From ssh -v I can see that the right key is being offered, but it's just not being accepted. Tried creating the authorized_keys file manually, tried changing permissions to 700 (dir) and 600 (file), tried ssh-copy-id... none of it works, it always falls back to password login. I don't have this problem on other pythonanywhere servers I am trying to log into, just with this new server.

@wobble & @FRCwebsite What is the command you use when you try to establish an ssh connection? Are you able to connect using your password?

@fjl - I have configured the settings in my .ssh/config so I just run:

ssh -v pythonanywhere

Here is my .ssh/config:

Host pythonanywhere
User FRCwebsite
Hostname ssh.pythonanywhere.com
IdentityFile ~/.ssh/my_file

Note that I have an identical block for another pythonanywhere server and that one works well (the only difference is the username, other than that all is the same). And yes, I can log in with the password just fine (which is what I do now, as the server prompts me for the pwd after rejecting the key, but clearly this is inconvenient).

BTW here is the relevant debugging info where you can see the server rejects the key:

$ ssh -v pythonanywhere

.... making connection to the server ... 
<<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/me/.ssh/my_file RSA SHA256:fingerprint... explicit agent
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

What are the permissions on the authorized_keys file? That is, the output of

ls -l ~/.ssh/authorized_keys

It should be -rw-------, so if it's not, perhaps a

chmod 600 ~/.ssh/authorized_keys

...will fix the problem?

You might also want to check the perms of the ~/.ssh directory, which should be chmodded 700 in the same manner.
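
The permission check described above, as an added example that is not part of the original post: a shell function that verifies the 700/600 modes and also flags repeated authorized_keys entries like the ones ssh-copy-id left earlier in the thread. The function names `perm_of` and `audit_ssh_dir` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the files sshd reads for
# public-key login. Expected modes 700/600 are the ones given in the thread.

# perm_of PATH: print the octal mode (GNU stat, then BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir DIR: print one finding per line; return 1 on any BAD finding.
audit_ssh_dir() {
    dir=$1
    keys=$dir/authorized_keys
    bad=0

    if [ ! -d "$dir" ]; then
        echo "BAD  $dir does not exist"
        return 1
    fi
    mode=$(perm_of "$dir")
    if [ "$mode" != 700 ]; then
        echo "BAD  $dir is mode $mode, expected 700"
        bad=1
    fi

    if [ ! -f "$keys" ]; then
        echo "BAD  $keys does not exist"
        return 1
    fi
    mode=$(perm_of "$keys")
    if [ "$mode" != 600 ]; then
        echo "BAD  $keys is mode $mode, expected 600"
        bad=1
    fi

    # Repeated entries (e.g. ssh-copy-id run twice) are harmless but noisy.
    dups=$(grep -v -e '^[[:space:]]*$' -e '^#' "$keys" |
           sort | uniq -d | wc -l | tr -d ' ')
    if [ "$dups" -gt 0 ]; then
        echo "NOTE $keys has $dups duplicated entries"
    fi

    if [ "$bad" -eq 0 ]; then echo "OK   modes are 700/600"; fi
    return "$bad"
}

# Run as: sh audit.sh ~/.ssh   (does nothing when no argument is given)
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

A clean result here while `ssh -v` still shows the offered key being refused points away from the account's own files.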

Thanks @giles. However, as I mentioned in my earlier post I had already set 600 and 700 permissions, so nothing I can change there...

PS there is nothing on our server yet, so if you want to try and configure your own ssh keys to see if you are able to log in, please by all means go ahead.

@fjl Was using ssh -v wobble@ssh.pythonanywhere.com and yes, using password worked

I have the below permissions:

-rw------- 1 wobble registered_users 1352 Apr 12 11:04 authorized_keys
-rw------- 1 wobble registered_users 1675 Apr 5 14:12 id_rsa
-rw-r--r-- 1 wobble registered_users 407 Apr 5 14:12 id_rsa.pub
-rw-r--r-- 1 wobble registered_users 3094 Apr 12 10:58 known_hosts

@FRCwebsite -- apologies, I'd missed your post about the perms.

I think I've tracked the problem down :-) The SSH configuration looks like it was missing a line to search for keys on a particular file server, and both of your accounts are on that file server. I've fixed the problem, so if you try to log in again now, it should pick up the keys and work properly.

Great @giles -- it indeed works as expected now, thanks for sorting this out!

Glad to hear that!