Out Here In The Field : Journeys

Some time ago, I was asked to setup a public key authentication for SCP session betwen 2 *nix servers. The process should be straight forward, as mentioned on my previous post regarding this subject.

But somehow the login process keep on asking me to enter the correct password, and ignoring the public key that I have copied to the remote server. I start the process in verbose mode, so that I can get meaningful output that can help me solve the issue:

[surfer@kazekiri ~]$ ssh -v mach5@avenger

and this is snipped from the output that I get:

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/surfer/.ssh/identity
debug1: Trying private key: /home/surfer/.ssh/id_rsa
debug1: Offering public key: /home/surfer/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

This means the private key is recognized, and was offered as a mean for authentication by the local server, but somehow the login process still require me to type-in the password for the remote user.

After some reading, I found out the culprit was the access restriction to the key stored on each server. The login process requires that the private key (id_dsa) and the public key stored on the remote server (authorized_keys) are stored on a folder that can only be accessed by the corresponding users. So I need to do the following:

[surfer@kazekiri ~]$ chmod -R 700  .ssh

and, also on the remote server:

[mach5@avenger ~]$ chmod -R 700  .ssh

Aaand, voila! The public key authetication should works.