SSH (publickey) error on Pihole

Forums › Gadgets, robotics, home automation, electronics (including wearables) › SSH (publickey) error on Pihole

MikeAqua

7779 posts

Uber Geek

#320277 25-Jul-2025 14:31

I have a new pihole set up and running as of last week. When I first wrote the image (Pi Lite 64bit), I cocked up the SSH key side of things. So I overwrote the image, this time stipulating password validation for SSH connection.

The installation and initiation all went well. Ads are being blocked, but ....

If I try and connect by SSH I get the following error message

Permission denied (publickey)

I went into the SSH config file and turned password connection on. I found and deleted some password keys on the pi. I deleted password keys on my PC.

I'm still getting the error. Does anyone have any suggestions?

Do I need to format the SD card and start again?

Edit: I'm trying to SSH from

C:\Users\[username]>

Mike

kyhwana2

2566 posts

Uber Geek

#3397073 25-Jul-2025 14:43

Did you restart the ssh service on the pi after you changed the sshd_config file?

MikeAqua

7779 posts

Uber Geek

#3397304 26-Jul-2025 16:05

I did. But maybe not after I deleted the SSH keys that I found. I'll try that.

Mike

marpada

475 posts

Ultimate Geek

#3397360 26-Jul-2025 22:59

It can be a number of things. I assume you are using the right remote user, like `ssh pi@X.X.X.X`, also on MacOS/Linux the permissions of the private key are important, not sure in Windows.

`ssh -v` might give you a hint of what's is wrong. If not check the logs of the sshd server, if you still have access to the pihole.

timmmay

20580 posts

Uber Geek

Trusted

Lifetime subscriber

#3397374 27-Jul-2025 08:34

How about starting again, getting Raspian working with password and key login, then installing Pi Hole docker? That way you can easily run other things on the Pi. Right now my Pi Hole is running Home Assistant, AppDaemon (works with HA), influxdb, grafana, uptime kuma, cloudflare daemon, nginx, pi hole, postgresql, restic for backup, syncthing, trilium-next (like Evernote), file browser (like a basic dropbox which works with cloudflare tunnel for private file sharing), and watchtower.

I can provide a docker-compose file, Nginx config, and I have snippets of code for things like setting up ssh keys for standard users and root. It'd still take a bit of time to get it all working.

mentalinc

3229 posts

Uber Geek

Trusted

#3397375 27-Jul-2025 08:45

Also wondering if it's configured for the key, and failing there, instead of moving on to prompt for a password.

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

MikeAqua

7779 posts

Uber Geek

#3397752 28-Jul-2025 16:20

marpada:

It can be a number of things. I assume you are using the right remote user, like `ssh pi@X.X.X.X`, also on MacOS/Linux the permissions of the private key are important, not sure in Windows.

`ssh -v` might give you a hint of what's is wrong. If not check the logs of the sshd server, if you still have access to the pihole.

I've tried SSH using the Pi's name, its IP address and 'name@X.x.x.x Nothing is working. I can ping it successfully at any of those, so I know I'm using the correct address and it's listening.

I have a monitor plugged into the Pi so I can access it. What in particular should I look for in the sshd server logs?

Mike

MikeAqua

7779 posts

Uber Geek

#3397766 28-Jul-2025 16:46

timmmay:

How about starting again, getting Raspian working with password and key login, then installing Pi Hole docker? That way you can easily run other things on the Pi. Right now my Pi Hole is running Home Assistant, AppDaemon (works with HA), influxdb, grafana, uptime kuma, cloudflare daemon, nginx, pi hole, postgresql, restic for backup, syncthing, trilium-next (like Evernote), file browser (like a basic dropbox which works with cloudflare tunnel for private file sharing), and watchtower.

I can provide a docker-compose file, Nginx config, and I have snippets of code for things like setting up ssh keys for standard users and root. It'd still take a bit of time to get it all working.

Starting again is an option (although a last resort). It might come to that, though.

I have half a dozen other pis running different things as standalone machines. It's not at all efficient, but it's simple and stable. I just plug a small monitor and a keyboard into whatever I need to check or use the web-admin page if there is one.

I decided with the Pi-Hole to go headless and learn about SSH. So far .... it's not gone well. This whole key-pair thing has really tripped me up. I don't think I understand where I need a public and/or private key. More reading required I guess!

My learning plan is SSH, then Docker, then some form of Kubernetes to get most things running on CM5 boards on a Turing Pi cluster.

Mike

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

MikeAqua

7779 posts

Uber Geek

#3397768 28-Jul-2025 16:53

mentalinc:

Also wondering if it's configured for the key, and failing there, instead of moving on to prompt for a password.

Would that config be in the SSHD_Config file? I know how to get into that. Which setting should I look at?

Mike

mentalinc

3229 posts

Uber Geek

Trusted

#3397772 28-Jul-2025 17:15

Would be on the device you're trying to connect from, the config where you loaded the ssh key file.

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

MikeAqua

7779 posts

Uber Geek

#3397778 28-Jul-2025 17:31

So ... I found my eff up. I used the key fingerprint, not the key itself when setting up my pi. Take 3 ....

Mike

timmmay

20580 posts

Uber Geek

Trusted

Lifetime subscriber

#3397783 28-Jul-2025 17:50

It's fairly easy with Raspian and docker, and you can run heaps or stuff on one pi.

MikeAqua

7779 posts

Uber Geek

#3397787 28-Jul-2025 18:47

timmmay:

It's fairly easy with Raspian and docker, and you can run heaps or stuff on one pi.

Right now I'm on my fourth attempt to get SSH working . So ... baby steps

Mike

mentalinc

3229 posts

Uber Geek

Trusted

#3397790 28-Jul-2025 19:06

I tend to use puttygen on a windows device, and then copy the key material into the required file using nano/vi and set permissions. change the config, check the key works, then remove the password option

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

MikeAqua

7779 posts

Uber Geek

#3397809 28-Jul-2025 20:38

mentalinc:

I tend to use puttygen on a windows device, and then copy the key material into the required file using nano/vi and set permissions. change the config, check the key works, then remove the password option

I've successfully set up the pihole so I can SSH into it using a password. That's a small victory.

Mike

cddt

1555 posts

Uber Geek

#3397938 29-Jul-2025 09:37

MikeAqua:

I decided with the Pi-Hole to go headless and learn about SSH. So far .... it's not gone well. This whole key-pair thing has really tripped me up. I don't think I understand where I need a public and/or private key. More reading required I guess!

FYI relatively recently the official pi OS removed the ability to configure the SD card to enable ssh on first boot. You now have to set up with attached peripherals, enable ssh, then you can log in remotely. This also means the thousands of "guides" on the internet are now not applicable.

Re private/public key, it's worth having a read of the general concepts.

My referral links: BigPipe | Mercury