SSH authentication via RSA key fails.
Hi all,
I am trying to set up passwordless authentication on one of my boxes in order to be able to use ssh commands in a script. I have generated public/private RSA keys on the client machine (in the .ssh directory of the user I'm logged in as) and added the public key to the server machine's authorized_keys files (in the .ssh directory of the user I want to be able to ssh as). I have set the rights on both .ssh directories, the key files and the authorized_keys files to 700. On the server machine, in the /etc/ssh/sshd_config file, I have set the two following parameters:
Code:
RSAAuthentication yes
Code:
debug1: Authentications that can continue: publickey,password
I don't understand why the "My Key" "Offering" doesn't seem to succeed. Does anyone have any idea of what I am doing wrong?
Notes: I am using Linux Mint 15 on both machines. Password logging works as expected. SSH versions are as follows:
Code:
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1p1 Debian-4
Any help is greatly appreciated. Let me know if you need any additional information. Thanks. |
The reason is probably logged in /var/log/auth.log on the server
|
What is the name of your private key? ssh will not find it automatically. It either has to be loaded into the agent (no more than the 6th key on the list or you will fail the default server auth settings) or else pointed to manually. You point to a private key manually with -i
Code:
ssh -i /home/remslug/.ssh/some_key_rsa remslug@93.184.216.119
|
Quote:
|
Thanks for your replies.
As mentioned, I have generated and exchanged keys. I have done so using the following instructions: http://www.tecmint.com/ssh-passwordl...-5-easy-steps/. I can cat the authorized_keys file on the server and the ssh-rsa entry is in there. The only difference is I have not named the key files id_rsa and id_rsa.pub because I need to be able to use different keys in order to connect to different servers. My files are named ~me/.ssh/my_key and ~me/.ssh/my_key.pub.
I have tried specifying my private key file as an "IdentityFile" entry in /etc/ssh/ssh_config on the client machine to no avail. I also tried specifying it with the -i option with the same result. When I specify the file, the output is different though:
Code:
debug2: key: /home/me/.ssh/my_key (0x7f65d5317cd0)
Code:
Nov 3 12:57:29 slg-NAS sshd[2478]: Connection closed by 192.168.0.1 [preauth]
|
Then, content of ~me/.ssh/my_key.pub should be pasted in authorized_keys on server side.
Correct command should be:
Code:
$ ssh -i ~me/.ssh/my_key remoteuser@server
It should not be group,other writable. The .ssh directory should be 700, authorized_keys should be 644. |
Thanks for your help, voleg.
Client side rights:
Code:
drwx------ 2 me me 4096 Nov 3 13:10 .ssh
Code:
drwx------ 2 me me 4096 nov. 2 23:22 .ssh
Command I use:
Code:
ssh -vvv -i /home/me/.ssh/my_key me@192.168.0.4
|
This looks OK (my_key and my_key.pub don't need execute bits set, but this shouldn't prevent login). A couple of thoughts:
|
What about permissions on home directory on server side ?
It should be writable by owner only. |
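The permission advice in the replies above (home directory, .ssh and authorized_keys must not be group- or other-writable) can be checked in one pass. This is an added example, not code from any poster in the thread; the function name check_ssh_perms, the extra ownership check and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the three paths the replies say must be locked down.
# With StrictModes (sshd's default) the server refuses to use authorized_keys
# when one of them is writable by group/other or owned by someone else.
# Usage: check_ssh_perms HOME_DIR [OWNER_UID]   (hypothetical helper name)
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_ssh_perms() {
    home=$1
    owner=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        # Group- or other-writable: the condition the replies warn about.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $p (fix with: chmod go-w)"
            rc=1
        fi
        # Owned by neither the account nor root.
        if [ -n "$(find "$p" -prune ! -user "$owner" ! -user 0 -print)" ]; then
            echo "OWNER    $p (expected uid $owner or root)"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo tree in a temp dir, so no real account is touched.
demo=$(mktemp -d)
mkdir -p "$demo/me/.ssh"
echo "ssh-rsa AAAA-constructed-sample My Key" > "$demo/me/.ssh/authorized_keys"
chmod 700 "$demo/me" "$demo/me/.ssh"
chmod 644 "$demo/me/.ssh/authorized_keys"
check_ssh_perms "$demo/me" && echo "ok: layout matches the advice"
chmod 775 "$demo/me"    # make the home directory group-writable
check_ssh_perms "$demo/me" || echo "problem reported, as expected"
```

On a real server, run it as the account in question against its home directory, or pass the account's numeric uid as the second argument when running as root.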
Quote:
Code:
ssh-rsa <key string> My Key
Rights on my home directory are 700 on both machines. Server:
Code:
drwx------ 23 me me 4096 nov. 2 23:22 /home/me/
Code:
drwx------ 73 me me 4096 Oct 26 17:33 /home/me/
|
If the content of /var/log/secure does not give a clue,
the next step may be to run sshd in debug mode, like:
Code:
# sshd -d -p 222
Code:
$ ssh -v -p 222 ......
|
Apparently, the server can't find the authorized_keys file:
Code:
debug1: userauth-request for user me service ssh-connection method publickey [preauth]
Code:
drwxr-xr-x 5 root root 4096 juil. 21 22:26 /home
Code:
cat /home/me/.ssh/authorized_keys
Code:
ssh-rsa <long RSA string> My Key
|
An issue becomes interesting.
Quote:
As I see, user "me" has UID/GID 1000/1000:
Quote:
If you still have no solution, it is probably an SELinux problem. Please set it to PERMISSIVE and check what happens in /var/log/messages. |
This is weird. This morning when I restarted both machines (after I had switched them off for the night), it started working without changing anything. I guess some services had to be restarted for some of the changes to take effect... I had already tried to restart sshd on the server, though.
Thanks for the help. |
Bad. Now we never will know what it was....
|