problem with ssh key-based authentication
Hi there --
I have a key-based authentication set up for the root account between two of our servers, and it has been working without issue for quite some time. I wanted to set up a similar configuration for a 'regular' user account between the same two servers. I went through the motion of running the ssh-keygen utility with the following syntax as the user in question:
Code:
ssh-keygen -t rsa
Code:
ssh user@remotehost "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
Why would the root account be able to log in using public/private key authentication, and a 'regular' user account cannot do the same?
Check the permissions on .ssh/authorized_keys. It's got to be 600, so
Code:
chmod 600 .ssh/authorized_keys
Also, make sure the key did get into the authorized_keys file properly. I'm not sure, but how did you enter the password when stdin was supplied from the id_rsa.pub file?
Quote:
With regard to the initial problem, again the distro you use can affect the difficulty of getting key-based auth working, esp. if PAM gets involved.
I had trouble of that kind when I corrupted my /etc/passwd or /etc/shadow.
Did you make any changes in those manually? I was unable to passwd and log in through ssh with or without password to any user but the last created by useradd. That could be a problem perhaps...
I think there are many things that could cause this type of behavior. So, you need to look at the debug information ssh will give you if you ask for it.
Reading /var/log/auth.log (or similar for your dist) and running in verbose mode (ssh -vvv) on the client are the first things I do to debug ssh problems like this. If I can't get the answers I need from the above, the next thing I try is running sshd in debug mode (sshd -d) on the server, and then try to ssh to that instance of sshd: this provides much more server side debug info than what you normally get in /var/log/auth.log.
Cheers, Evo2.
Hi there --
The problem was with the permissions of the authorized_keys file. Once I changed the settings to 600, the problem did not recur. Thanks again to everyone for the help.
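
Added example, not part of any post in this thread: a shell check for the permission problem that turned out to be the cause. It assumes OpenSSH with StrictModes enabled, which ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group/other or not owned by the user or root; the function name check_ssh_key_perms is hypothetical.

```shell
#!/bin/sh
# Added example: audit the paths sshd inspects before trusting authorized_keys.
# Assumption: OpenSSH with StrictModes enabled. Uses only POSIX find tests,
# so it does not depend on GNU or BSD stat.

# check_ssh_key_perms HOME_DIR [UID]   (hypothetical helper name)
# Prints one line per finding. Returns 0 when nothing would make sshd
# reject the key file on permission grounds, 1 otherwise.
check_ssh_key_perms() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"; rc=1; continue
        fi
        # Owner must be the account itself or root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$uid" ! -user 0)" ]; then
            echo "BAD OWNER $p"; rc=1
        fi
        # Group- or world-writable paths let another account plant a key.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE  $p (group/other can write)"; rc=1
        fi
    done
    # The fix used in the thread: authorized_keys at exactly mode 600.
    ak=$home/.ssh/authorized_keys
    if [ -f "$ak" ] && [ -n "$(find "$ak" -prune ! -perm 600)" ]; then
        echo "NOTE      $ak is not mode 600"
    fi
    return $rc
}

# Typical use, run as the affected user on the remote host:
#   check_ssh_key_perms "$HOME"
```

A file created through a shell redirect takes its mode from the account's umask, so an account with a umask of 002 ends up with a group-writable authorized_keys while root's 022 does not.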