Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-08-2009, 08:19 AM   #1
Registered: Nov 2003
Posts: 757

Rep: Reputation: 39
problem with ssh key-based authentication

Hi there --

I have a key-based authentication set up for the root account between two of our servers, and it has been working without issue for quite some time. I wanted to set up a similar configuration for a 'regular' user account between the same two servers.

I went through the motion of running the ssh-keygen utility with the following syntax as the user in question:

ssh-keygen -t rsa
I made sure there were no passphrases by hitting the <enter> key when prompted. Once that was done, I copied the newly created public key from the source to the destination computer using the command syntax shown below:

ssh user@remotehost “cat >> ~/.ssh/authorized_keys” < ~/.ssh/
Once that was done, I should have been able to log into the remote host without being prompted without a password, but that was not the case.

Why would the root account be able to log in using public/private key authentication, and a 'regular' user account cannot to the same?
Old 12-08-2009, 08:22 AM   #2
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
Check the permissions on .ssh/authorized_keys. It's got to be 600, so
chmod 600 .ssh/authorized_keys
will probably fix it.
Also, make sure the key did get into the authorized_keys file properly. I'm not sure, but how did you enter the password when stdin was supplied from the file?

Last edited by beadyallen; 12-08-2009 at 08:24 AM.
Old 12-08-2009, 08:39 AM   #3
Registered: Feb 2008
Distribution: Slackware
Posts: 595

Rep: Reputation: 115Reputation: 115
Originally Posted by kaplan71 View Post

ssh user@remotehost “cat >> ~/.ssh/authorized_keys” < ~/.ssh/
Just FYI, depending on your distribution you should be able to achieve the same result with "ssh-copy-id".

With regard to the initial problem, again the distro you use can affect the difficulty of getting key-based auth working; esp if PAM gets involved.
Old 12-08-2009, 12:03 PM   #4
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
i had trouble of that kind when i corrupted my /etc/passwd or /etc/shadow.
did you make any changes in those manually? i was unable to passwd and log in through ssh with or without password to any user but last created by useradd.
that could be a problem perhaps...
Old 12-08-2009, 06:02 PM   #5
LQ Guru
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
I think there are many things that could cause this type of behavior. So, you need to look at the debug information ssh will give you if you ask for it.

Reading /var/log/auth.log (or similar for your dist) and running in verbose moded (ssh -vvv) on the client are the first things I do debug ssh problems like this.

If I can't get the answers I need from the above, the next thing I try is running sshd in debug mode (sshd -d) on the server, and then try to ssh to that instance of sshd: this provides much more server side debug info than what you normally get in /var/log/auth.log.


1 members found this post helpful.
Old 12-09-2009, 10:34 AM   #6
Registered: Nov 2003
Posts: 757

Original Poster
Rep: Reputation: 39
Hi there --

The problem was with the permissions of the authorized_keys file. Once I changed the settings to 600, the problem did not recur. Thanks again to everyone for the help.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Key based authentication only for root for SSH the_gripmaster Linux - Security 4 04-18-2009 05:43 PM
SSH public key authentication problem with cron pbjason9 Linux - Server 2 03-20-2009 10:52 PM
ssh public key authentication problem flgal3 Linux - Software 21 02-06-2009 11:15 AM
Problem with two-way key-based ssh connection kaplan71 Linux - Networking 4 02-22-2007 07:15 AM
SSH - Problem with Public Key Authentication HaPagan Linux - Security 5 11-28-2005 11:27 PM

All times are GMT -5. The time now is 09:13 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration