# Howto log in automatically with publickey?

## Napalm Llama

My situation has a little more complexity than you might suspect, because I'm using Dropbear as my server (but OpenSSH as my client).

I've tried following various HOWTOs out there, but I just can't seem to get the damn thing working - it always falls back to password auth, or simply fails if I disable that.

Here's a verbose output:

```
nl@splig ~/.ssh $ ssh -i id_klunk klunk@muttley -v

OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Connecting to muttley [192.168.0.10] port 22.

debug1: Connection established.

debug1: identity file id_klunk type 2

debug1: Remote protocol version 2.0, remote software version dropbear_0.49

debug1: no match: dropbear_0.49

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.5

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: sending SSH2_MSG_KEXDH_INIT

debug1: expecting SSH2_MSG_KEXDH_REPLY

debug1: Host 'muttley' is known and matches the RSA host key.

debug1: Found key in /home/nl/.ssh/known_hosts:16

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password

debug1: Next authentication method: publickey

debug1: Offering public key: id_klunk

debug1: Authentications that can continue: publickey,password

debug1: Next authentication method: password

klunk@muttley's password:

debug1: Authentications that can continue: publickey,password

Permission denied, please try again.

klunk@muttley's password:
```

For some reason it doesn't like my key.  Does anybody know what I might be doing wrong?

----------

## Hu

Does the public key on the server conform to the security requirements imposed by the daemon?  If you are not sure, post the output of ls -la ~/.ssh on both the client and the server.

----------

## Napalm Llama

Ah, this is one of the things that was causing me confusion.  Which user's ~/.ssh/ directory do I use on the server?  Is it the one of the user I want to login as, is it root, or does Dropbear use some different config from OpenSSH (the implementation all the HOWTOs refer to) and look in /etc/ or something?

Here's the output from my client:

```
total 56

drwx------   2 nl users  4096 Jul 13 22:50 .

drwxr-xr-x 181 nl users 20480 Jul 14 12:50 ..

-rw-------   1 nl users   668 Jul 13 22:01 id_dsa

-rw-r--r--   1 nl users   598 Jul 13 22:01 id_dsa.pub

-rw-------   1 nl users   668 Jul 13 16:51 id_klunk

-rw-r--r--   1 nl users   598 Jul 13 16:51 id_klunk.pub

-rw-------   1 nl users  1675 Jul 13 22:50 id_rsa_klunk

-rw-r--r--   1 nl users   390 Jul 13 22:50 id_rsa_klunk.pub

-rw-r--r--   1 nl users  4854 Jun 19 22:32 known_hosts
```

id_klunk[.pub] is a DSA key pair - I made that first, and then tried making an equivalent RSA key pair as well to see if that was the problem.  It wasn't.

----------

## Hu

 *Napalm Llama wrote:*   

> Ah, this is one of the things that was causing me confusion.  Which user's ~/.ssh/ directory do I use on the server?  Is it the one of the user I want to login as, is it root, or does Dropbear use some different config from OpenSSH (the implementation all the HOWTOs refer to) and look in /etc/ or something?

 

For OpenSSH, it would be the ~/.ssh directory of the user you are logging in as.  I do not know about Dropbear, but expect that if it supports public key authentication, it would follow a similar scheme.  Can you turn up the logging level on the Dropbear server to find out why it is rejecting the key?  This would probably only be logged when you enable debug logging.

----------

## Napalm Llama

Oh - it works now.  I don't know why... I've restarted my client machine since I last tried, but I don't see what that could have to do with it.  Are SSH certificates stored in environment variables or something?  :Confused: 

It's really annoying when that happens...

[edit:]

For the record (and future people searching), the important files are as follows:

Public key in the ~/.ssh/authorized_keys file of the user you want to log in as, even if you're using SSH2.  There is no authorized_keys2 file for Dropbear.

Use the private key on the client's commandline, eg. ssh -i id_klunk klunk@remoteserver

----------

