Setup SSH Keys

Speakerrob

Member
May 23, 2019
I'll preface this by saying I had this set up and working before, but after somehow bricking Proxmox by changing a VM's NIC setting, I had to reinstall. Now SSH doesn't seem to work.

I first created a new user and added them to the sudo group as I usually disable root.
From the new sudo user login:
  • generate a key pair with puttygen.exe on my Windows box
  • load the private key in the PuTTY profile
  • enter the public key in ~/.ssh/authorized_keys (checked for proper format as best I can, aka eyeballing it)
  • chmod 700 ~/.ssh
  • chmod 600 ~/.ssh/authorized_keys
  • change /etc/ssh/sshd_config so it contains AuthorizedKeysFile %h/.ssh/authorized_keys
  • sudo service ssh restart
The Proxmox host auth.log says "no matching key exchange method found."
PuTTY gives me a "No support authentication methods available (server sent: public key)."

I did notice there is a completely different key stored in /etc/pve/priv/ and the PuTTY window says the server's ssh-ed25519 fingerprint is something that doesn't match my generated key fingerprint. So with my limited knowledge it seems like the server is ignoring my key and using this other one?


SOLVED:
Even though this was a clean install, I decided to reinstall Proxmox again. Everything worked as it should after that.
 
Looks fine to me. Did the same here. Make sure the key is only one line.
 
I did read somewhere that copying from the PuTTY generator sometimes adds an incompatible newline character, so I didn't use their copy method. Instead, I did it the old-fashioned way with the mouse. I then deleted the last few characters and re-typed them (carefully, to make sure they were exact) to be sure I removed any unseen space characters. I also deleted the space between "ssh-rsa {key}" and re-entered it.
 
You can copy the sshkey with this command:
Code:
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@IP
Since I made the key on the Windows box using PuTTY Generator, I just copy/pasted the text directly through the Proxmox web gui shell after making the .ssh directory and "authorized_keys" file manually on the host. I suppose I could go backwards and try having the host make the key locally then copying the private key back to Windows. I'll let you know what happens.
 
At this point I'm 100% confident the key is correct, but it seems like Proxmox is just ignoring it. The only key it presents to PuTTY is the default one used by the cluster. I know root has a .ssh/authorized_keys location (which has the cluster key), but the user I'm using does too with the key I'm trying to SSH with. For some reason this key in someuser~/.ssh/authorized_keys is being ignored and not presented.
 
Some more things I've tried:

Changed the sshd_config file AuthorizedKeysFile setting to have:

  1. %h/.ssh/authorized_keys
  2. both %h/.ssh/authorized_keys and %h/.ssh/authorized_keys2 (incidentally made a copy of authorized_keys on my user so it had both files)
  3. {user_typed_out}/.ssh/authorized_keys
  4. both {user_typed_out}/.ssh/authorized_keys and {user_typed_out}/.ssh/authorized_keys2
  5. {user_typed_out}/.ssh/authorized_keys2
  6. just {user_typed_out}/.ssh/authorized_keys2
  7. Replaced default key in root~/.ssh/authorized_keys with the ssh public key; changed sshd_config to %h/.ssh/authorized_keys, and attempted login with root instead of my user. This also failed as Proxmox only presents the key from /etc/pve/priv/ssh_host_ed25519_key.pub

Logically, it seems I just need to replace the key in /etc/pve/priv/ssh_host_ed25519_key.pub, but I've read this will break Proxmox in certain ways. So, I'm at an impasse on what to do. Since I had no issue before with a previous version of Proxmox I'm considering rolling back from 7 to 6.
 
I do not know how cloud-init works with the normal distribution installation but it works perfectly well with the cloud images.
In my case I am using Ubuntu server cloud image.

This is how I add ssh keys to this type of vm:
1. Generate a public/private key pair (I am using PuTTYGen)
2. Proxmox - VM - Cloud-Init - SSH public key - copy the generated key from the PuTTYgen window to the "Edit SSH Keys" - OK
3. Use a generated private key in your SSH utility profile/session
That is all.
It probably works with the regular installation as well; I just can't confirm.
 
Was PubkeyAcceptedKeyTypes specified in any way? My default Proxmox installation specified nothing.
 
I also have this issue with pub keys generated from PuTTYgen:

[screenshot attachment]
 
Debian 12 dropped support for the old RSA keys. Either create a more secure/modern key with putty (like ed25519) that still works out-of-the-box or edit the sshd_config to allow those old/less secure key types.
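
The checks raised across this thread (one key per line, no damage from copy and paste, the key type), written out as an added example that is not part of any post above. It also flags a PuTTYgen "Save public key" file, which uses the multi-line RFC 4716 format rather than the one-line entry authorized_keys expects. The function names and the sample entries are constructed for illustration, and entries are assumed to carry no leading options.

```python
import base64

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

def wire_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return fields

def check_authorized_keys(text):
    """Return (line_number, problem) pairs; assumes no leading options."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if "SSH2 PUBLIC KEY" in line:
            problems.append((no, "PuTTY/RFC 4716 export block, not a one-line entry"))
        elif not parts[0].startswith(KEY_PREFIXES) or len(parts) < 2:
            problems.append((no, "does not start with '<key-type> <base64>'"))
        else:
            try:  # binascii.Error is a ValueError subclass
                fields = wire_fields(base64.b64decode(parts[1], validate=True))
            except ValueError as exc:
                problems.append((no, f"key data damaged or cut short: {exc}"))
                continue
            if not fields or fields[0] != parts[0].encode():
                problems.append((no, "declared type differs from type inside the key"))
            elif parts[0] == "ssh-rsa":
                problems.append((no, "ssh-rsa key: newer sshd defaults may refuse it"))
    return problems

def _entry(key_type, *fields):
    """Build a structurally valid entry (constructed sample, not a real key)."""
    raw = b"".join(len(f).to_bytes(4, "big") + f for f in (key_type.encode(),) + fields)
    return f"{key_type} {base64.b64encode(raw).decode()} user@pc"

ED = _entry("ssh-ed25519", bytes(range(32)))
# Constructed file body: good key, the same key wrapped over two lines, RSA, PuTTY header
SAMPLE = "\n".join([ED, ED[:40], ED[40:], _entry("ssh-rsa", b"\x01\x00\x01", bytes(64)),
                    "---- BEGIN SSH2 PUBLIC KEY ----"])

if __name__ == "__main__":
    print(*check_authorized_keys(SAMPLE), sep="\n")
```

A key that wraps onto a second line shows up as two findings: the first half fails the length-prefix walk, and the second half no longer starts with a key type.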
 