2023-12-01 Unable to use public key authentication for ssh login on Raspberry Pi

TL;DR: Raspberry Pi OS will reject RSA keys. Use another type of key and copy it to the Pi:

  % ssh-keygen -t ecdsa
  % ssh-copy-id -i ~/.ssh/id_ecdsa.pub <pi-hostname>

The explanation is as follows. Recently I installed a Raspberry Pi 4, and I flashed the SD card with the Raspberry Pi Imager. I used the default OS (which is titled "Raspberry Pi OS, a port of Debian Bookworm"). I wanted to use passwordless login to ssh, i.e. public key authentication. So I copied my existing public key to the Raspberry Pi with ssh-copy-id. However, when accessing the Pi over ssh, I still had to enter my password.

This had me stumped for a while. In the end, I turned on debug logging:

  % sudo vim /etc/ssh/sshd_config

Then add the following line:

  LogLevel DEBUG3

Restart the SSH daemon and follow the logs:

  % sudo systemctl restart sshd
  % journalctl -f

Try and log in with your old RSA key, and you'll see the following log message:

  Dec 01 09:27:53 HL46528028 sshd[2025]: debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
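
With LogLevel DEBUG3 the journal is noisy, so a small filter helps to keep only sshd's per-key verdicts. This is an added example, not part of the original post: the function names are made up here, every sample line except the first is constructed, and the "is allowed" wording is assumed to mirror the rejection line shown above.

```shell
#!/bin/sh
# Added example: summarise sshd's per-key verdicts from DEBUG3 log output.

# key_verdicts: read log lines on stdin, print "<sshd-pid> <key-type> <verdict>"
# for every mm_answer_keyallowed line and drop everything else.
# Handles both "publickey authentication test:" and "publickey authentication:".
key_verdicts() {
  sed -n 's/.*sshd\[\([0-9]*\)\]: debug3: mm_answer_keyallowed: publickey authentication[a-z ]*: \([A-Za-z0-9-]*\) key is \(not \)\{0,1\}allowed.*/\1 \2 \3allowed/p'
}

# sample_log: the first line is the one from this post; the other two are
# constructed for illustration (an unrelated debug3 line and an accepted key).
sample_log() {
  cat <<'EOF'
Dec 01 09:27:53 HL46528028 sshd[2025]: debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
Dec 01 09:27:53 HL46528028 sshd[2025]: debug3: mm_request_send: entering, type 23
Dec 01 09:31:10 HL46528028 sshd[2031]: debug3: mm_answer_keyallowed: publickey authentication test: ECDSA key is allowed
EOF
}

# Run against the embedded sample. On the Pi, use instead:
#   journalctl -f | key_verdicts
sample_log | key_verdicts
```

Each output line pairs the sshd process ID with the key type the client offered and whether the server accepted it, so a rejected key stands out without reading the full debug stream.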

What you need to do is generate a new key with a different type:

  % ssh-keygen -t ecdsa

The default is to save the keypair in the ~/.ssh directory and call it id_ecdsa and id_ecdsa.pub. Copy the public key to the Raspberry Pi:

  % ssh-copy-id -i ~/.ssh/id_ecdsa.pub <pi-hostname>

Now enjoy passwordless login:

  % ssh <pi-hostname>

Of course, don't forget to remove the LogLevel line from the sshd configuration and restart the daemon.