DEV Community

Discussion on: What They Don’t Tell You About Setting Up A WireGuard VPN

Tomas Hayes • Edited on

Thanks! Clearly written, I just gave it a go and it works!
Question:

  • So, every time I want to add a client, I have to add a new [Peer] entry in the server's /etc/wireguard/wg0.conf file?
  • I tried SSHing into the server with the VPN IP address (when connected), and I get me@10.0.0.1: Permission denied (publickey). What's the problem here?

I mostly want the VPN to allow me to access devices with ssh.

Greg Schafer Author
  1. That is my understanding, yes. Regardless of the flavor of public-key cryptography being used, one side of the communication needs a private key and the other side needs a public key. So, for any peer you want to send a message to, you need possession of their public key in advance. (Keep in mind that the VPN "server" is really just another peer and it can initiate connections to its peers.)
  2. Hard to say without more info! A few ideas and things to check:
    • You might try SSHing with extra verbosity (e.g. ssh -vvv me@10.0.0.1) to see what SSH keys your computer is offering.
    • Make sure the corresponding public key exists in ~/.ssh/authorized_keys on the server, for the user account you're SSHing into.
    • Look in /var/log/auth.log on the server and see what messages sshd is emitting when you try to log in.
    • Make sure permissions on that ~/.ssh folder on the server are correct (sudo chmod 0700 ~/.ssh && sudo chmod 0600 ~/.ssh/*). Same for the ~/.ssh folder on your local machine.
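
The server-side checks from the reply above, collected into one script as an added example (not part of the original thread). It assumes GNU stat on a Linux server and that the client's .pub file has been copied to the server; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audits the ~/.ssh items from the checklist above.
# Assumes GNU stat (Linux). Function names are hypothetical.

# Print the octal permission bits of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# audit_ssh_dir SSH_DIR PUBKEY_FILE
# Prints one line per problem found; returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
  local dir="$1" pub="$2" auth="$1/authorized_keys" rc=0 blob=""

  if [ ! -d "$dir" ]; then
    echo "missing: $dir"; return 1
  fi
  # The reply recommends 0700 on the directory.
  if [ "$(mode_of "$dir")" != 700 ]; then
    echo "mode: $dir is $(mode_of "$dir"), expected 700"; rc=1
  fi
  if [ ! -f "$auth" ]; then
    echo "missing: $auth"; return 1
  fi
  # ...and 0600 on the files inside it.
  if [ "$(mode_of "$auth")" != 600 ]; then
    echo "mode: $auth is $(mode_of "$auth"), expected 600"; rc=1
  fi

  # Compare only the base64 key blob (field 2 of the .pub file); the
  # trailing comment and any options prefix in authorized_keys may differ.
  blob=$(awk '{print $2; exit}' "$pub" 2>/dev/null) || blob=""
  if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
    echo "key: $pub is not listed in $auth"; rc=1
  fi
  return "$rc"
}
```

Run it on the server as the account you log in to, for example `audit_ssh_dir ~/.ssh /tmp/id_ed25519.pub`; no output and exit status 0 mean those two checklist items pass, so the next place to look is /var/log/auth.log.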