Cannot ssh into Devkit anymore

Hi there

(Since the last update?) I cannot ssh into my devkit anymore. Creating a new USB drive did not help. Pairing and everything worked, I also copied the public key, but still cannot ssh into the device.
I even created a new public key following the instructions of the manual (see here: https://mycroft-ai.gitbook.io/docs/using-mycroft-ai/get-mycroft/mark-ii) once more:
ssh-keygen -t rsa

Does anyone have similar issues or is just me?

This is what I do:
ssh -v -p 8222 mycroft@192.168.178.73 -i .ssh/id_rsa.pub
to make sure it uses the created (and copied) public key.

This is what I get:
OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to local ip [local ip] port 8222.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
[…]
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version dropbear_2019.78
debug1: compat_banner: no match: dropbear_2019.78
debug1: Authenticating to [local ip]:8222 as ‘mycroft’
[…]
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:[…]
[…]
debug1: Host ‘[local ip]:8222’ is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:4
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:[…]
debug1: Will attempt key: /home/user/.ssh/id_dsa
[…]
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:[…]
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/user/.ssh/id_dsa
[…]
debug1: Authentications that can continue: publickey
[…]
debug1: No more authentication methods to try.
mycroft@[local ip]: Permission denied (publickey).

I also checked the file permissions (found a hint that that might be problem):
-rw------- 1 user user 2602 31. Dez 18:09 id_rsa
-rw-r–r-- 1 user user 569 31. Dez 18:09 id_rsa.pub

Many thanks and kind regards,
Enver

Did you: chmod go-r id_rsa.pub
?

Thanks for the hint! I tried that, but unfortunately still can’t ssh into the device.

What could be the problem here - Plus: It’s a new installation of the system on the USB stick and I followed the instruction as I did before (several times which worked in the past).
I’ve got a back up of the “old” installation / system where e.g. Spotify was set up. For that I had to ssh into the device. - I’m feeling slightly stupid

if the error hasn;t changed then the chmod didn’t work.

Is that so? This is what ‘ls -la’ shows:
-rw------- 1 user user 2602 31. Dez 18:09 id_rsa
-rw------- 1 user user 569 31. Dez 18:09 id_rsa.pub

Just a thought … rather than increasing verbosity on the ssh client side, can you restart the sshd server in verbose (debug) mode and watch from that side? (or are you locked out of your server?).

-Mike M

I haven’t had much time to care about this issue lately, but tried to look into it again today.

Regarding your question: That’s exactly the point, I am locked out of the Mark II.

I’ve tried to setup up the system once more (wrote the image onto the USB drive again), changed the ssh key and also tried to access the Mark II from a different computer (copied the ssh key over). Nothing worked.

Next step: connect a keyboard and monitor to the Mark II. Do you or anyone know how to use this setup then? How can I enter commands and see output when the system has booted?

Just to confirm, did you attach your public key to your device?

Who uses “user” as username ?

My password is 1234 also.

Honestly? “Who uses “user” as a username?” and “My password is 1234 also.” Not very helpful. That’s the community you want to be? - It’s good that there are other people around as well. Thanks to those for trying to help!

Anyway, I copied the contents of ~/.ssh/id_rsa.pub to ‘Command Line Access’ under account.mycroft.ai/devices/id-of-my-device. After that I told Mycroft to update its configuration, so that the new key would be available on the device.

One thing you could try is to mount the USB stick on your computer and check under the/home/mycroft/.ssh/ directory if you have an authorized_keys file which contains your SSH public key.

Thanks for the idea

There was no .ssh directory in /pvroot/disks/perm/mycroft/lxc-overlay/upper/home/mycroft/ when I connected the USB stick to my computer. Creating the folder and adding an authorized_keys file (with the public key) did not have any effect.
Maybe it was the wrong place and I have to mount the container and look in there!? I’m not familiar with lxc containers (yet), but might give it a go.

Does the .ssh folder created by you belongs to mycroft user? The authorized_keys file should have 644 permissions and belongs to mycroft user as well.

All other folders belonged to the user 1050, so I used that UID for the .ssh folder and its content (the authorized_keys file).
First I had more restricted permissions (700) and changed those to 644 later, but to no avail.

And did it work?
Does your authorized_keys has the same content as your id_rsa.pub?