SSHD Issue.
I've got a slight issue with logging into my server using public keys.
It was working fine, until I had to rebuild my desktop machine. I had the key copied to the server, and passwordless logins were fine. However, now I have rebuilt my desktop, I can't get to the login. So here's what's happened. Rebuilt id_rsa.pub, server will not allow login. Remove id_rsa.pub and the server allows password based login. On the server, removed authorized_keys and known_hosts. Makes no difference. Server still disallows keyfile, but will allow password when id_rsa is not present on the client. Here's a -v of the login chat with keyfile. Code:
michael@eve:~$ ssh -v server
Code:
michael@eve:~/.ssh$ ssh -v server |
Hi,
First that comes to mind: Are the permissions on ~/.ssh directory and the files in ~/.ssh correct? Permissions for ~/.ssh should be 700 (owner read/write/execute, group and world no permissions). The authorized_keys file should be 600 (owner read/write, rest no permissions). Hope this helps. |
drwx------ 2 michael michael 4096 Mar 12 20:20 .ssh
All permissions are fine, it is 700 through the entire ~/.ssh. Could there be another file the server is looking in, and getting the old key? |
Hi,
Although I only encountered it once myself (still no clue why the original entry did not work), you can try the following as well: Edit your /etc/sshd/sshd_config file and change this line
AuthorizedKeysFile .ssh/authorized_keys
into this
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
Hope this helps.
EDIT: Do restart the sshd server when editing the sshd_config file. |
I tried your suggestion of changing the AuthorizedKeysFile location, and restarted sshd.
I'm still getting "Too many authentication failures" when I generate a keyfile. |
Hi,
Also: How about the possible typo I mentioned?? Anyway: I would suggest completely removing the ~/.ssh directories on both machines and follow the following guide: SSH with Keys in a console window. BTW: Put the original AuthorizedKeysFile line back into the sshd_config file. Hope this helps. |
Sorry, yes, that's what it has been doing all along.
The typo was: the directory contents are 600, but have both been removed on client and server, and all that exists is known_hosts. So to recap, as soon as I run ssh-keygen -t rsa I get the login fail. If I remove the keyfile from the client, I get in via password. As soon as I regenerate the keyfile (even with empty ~/.ssh on the server) it will not allow login. |
Did you try my other suggestion?
|
Removing both client and server ~/.ssh directories and following your link tutorial?
Yes, I have removed both ~/.ssh several times. But as soon as I create the id_rsa.pub the server will not allow login. So I can't send the new keyfile. |
Hi,
What happens when you try logging in (password-less) after the following command: ssh-add -D You can also try increasing the MaxAuthTries value in /etc/ssh/sshd_config (needs a sshd restart). Hope this helps. |
Many Thanks for all your help Druuna.
I increased the MaxAuthTries, and now instead of rejecting the keyfile, it rejects it and moves on to the next auth method, which is password. I do feel slightly stupid for not realising this, and again, thanks for your help and patience :) Can now copy id via ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host |
You're welcome :)
Can you put up the [SOLVED] tag (first post -> Thread Tools) |
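An added example, not part of the thread and not OpenSSH code: a small audit of the three things checked above, namely the 700/600 modes, where AuthorizedKeysFile points once %u and %h are expanded, and the MaxAuthTries value in effect. The sample config, the function names and the simplifications (Match blocks skipped, only "Keyword value" lines parsed) are assumptions.

```python
import os
import stat

# Constructed sample config (not from the thread). sshd keywords are
# case-insensitive and the first value read for a keyword wins.
SAMPLE_CONFIG = """\
Port 22
maxauthtries 2
AuthorizedKeysFile /home/%u/.ssh/authorized_keys .ssh/authorized_keys
MaxAuthTries 6
"""
DEFAULTS = {"maxauthtries": "6",  # OpenSSH defaults when a keyword is absent
            "authorizedkeysfile": ".ssh/authorized_keys .ssh/authorized_keys2"}

def first_value(config_text, keyword):
    """Return the first global value for keyword, else the default."""
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # assumption: Match blocks are skipped
            break
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip()
    return DEFAULTS.get(keyword.lower())

def authorized_keys_paths(config_text, user, home):
    """Expand %u, %h and %%; relative entries are taken from the home directory."""
    paths = []
    for pattern in first_value(config_text, "AuthorizedKeysFile").split():
        path = (pattern.replace("%%", "\0").replace("%u", user)
                .replace("%h", home).replace("\0", "%"))
        paths.append(path if path.startswith("/") else os.path.join(home, path))
    return paths

def mode_problems(path, expected):
    """Report a missing path or permission bits that differ from expected."""
    if not os.path.exists(path):
        return [f"{path}: missing"]
    actual = stat.S_IMODE(os.stat(path).st_mode)
    return [] if actual == expected else [f"{path}: mode {actual:o}, expected {expected:o}"]

def audit(config_text, user, home):
    """Return (MaxAuthTries, findings) for one account."""
    findings = mode_problems(os.path.join(home, ".ssh"), 0o700)
    for path in authorized_keys_paths(config_text, user, home):
        if os.path.exists(path):  # key files that do not exist are not an error
            findings += mode_problems(path, 0o600)
    return int(first_value(config_text, "MaxAuthTries")), findings
```

Run it on the server with the real sshd_config text, e.g. `audit(open("/etc/ssh/sshd_config").read(), "michael", "/home/michael")`, and compare the returned MaxAuthTries with the number of keys the client offers.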