TL;DR: Raspberry Pi OS will reject RSA keys. Generate a key of another type and copy it to the Pi:
% ssh-keygen -t ecdsa
% ssh-copy-id -i ~/.ssh/id_ecdsa.pub <pi-hostname>
The explanation is as follows. Recently I installed a Raspberry Pi 4, and I flashed the SD card with the Raspberry Pi Imager. I used the default OS (which is titled "Raspberry Pi OS, a port of Debian Bookworm"). I wanted to use passwordless login to ssh, i.e. public key authentication. So I copied my existing public key to the Raspberry Pi with ssh-copy-id. However, when accessing the Pi over ssh, I still had to enter my password.
This had me stumped for a while. In the end, I turned on debug logging:
% sudo vim /etc/ssh/sshd_config
Then add the following line:
LogLevel DEBUG3
Restart the SSH daemon and follow the logs:
% sudo systemctl restart sshd
% journalctl -f
Try and log in with your old RSA key, and you'll see the following log message:
Dec 01 09:27:53 HL46528028 sshd[2025]: debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
What you need to do is generate a new key with a different type:
% ssh-keygen -t ecdsa
The default is to save the key pair in the ~/.ssh directory and call it id_ecdsa and id_ecdsa.pub. Copy the public key to the Raspberry Pi:
% ssh-copy-id -i ~/.ssh/id_ecdsa.pub <pi-hostname>
Now enjoy passwordless login:
% ssh <pi-hostname>
Of course, don't forget to remove the LogLevel line from the sshd configuration and restart the daemon.
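While debug logging is still on, the sketch below (an added example, not part of the original post) tallies the mm_answer_keyallowed decisions in the log, so you can see which key types sshd turned down and which it accepted. The function names and the sample lines are constructed, modelled on the message shown above; the "is allowed" wording is assumed to mirror the "is not allowed" one.

```shell
#!/bin/sh
# Summarise sshd's per-key decisions from DEBUG3 log lines read on stdin.
# Prints one line per (key type, decision) pair: "<count> <type> <decision>".
key_decisions() {
    awk '
        /mm_answer_keyallowed: publickey authentication/ && / key is / {
            # The text after the last ": " looks like "RSA key is not allowed".
            n = split($0, parts, ": ")
            verdict = parts[n]
            ktype = verdict;    sub(/ key is .*/, "", ktype)
            decision = verdict; sub(/.* key is /, "", decision)
            count[ktype " " decision]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k2
}

# Constructed sample input (hostname, PIDs and timestamps are made up).
sample_log() {
cat <<'EOF'
Dec 01 09:27:53 pi sshd[2025]: debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
Dec 01 09:27:55 pi sshd[2025]: debug1: some unrelated debug line
Dec 01 09:31:10 pi sshd[2101]: debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
Dec 01 09:40:02 pi sshd[2140]: debug3: mm_answer_keyallowed: publickey authentication test: ECDSA key is allowed
EOF
}

# Demo on the constructed sample; on the Pi, pipe the journal in instead:
#   journalctl -b | key_decisions
sample_log | key_decisions
```

A key type that only ever shows up as "not allowed" is the one to replace or investigate.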