Some time ago, I was asked to set up public key authentication for SCP sessions between two *nix servers. The process should be straightforward, as mentioned in my previous post on this subject.
But somehow the login process kept asking me to enter the password, ignoring the public key that I had copied to the remote server. I started the session in verbose mode to get output that could help me solve the issue:
[surfer@kazekiri ~]$ ssh -v mach5@avenger
and this is a snippet from the output that I got:
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/surfer/.ssh/identity
debug1: Trying private key: /home/surfer/.ssh/id_rsa
debug1: Offering public key: /home/surfer/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
This means the private key was recognized and offered by the local server as a means of authentication, but the remote server did not accept it (the second "Authentications that can continue" line), so the login process still required me to type in the password for the remote user.
After some reading, I found that the culprit was the access permissions on the keys stored on each server. The login process requires that the private key (id_dsa) and the public key stored on the remote server (authorized_keys) are kept in a folder that can only be accessed by the corresponding user. So I needed to do the following:
[surfer@kazekiri ~]$ chmod -R 700 .ssh
and, also on the remote server:
[mach5@avenger ~]$ chmod -R 700 .ssh
Aaand, voila! The public key authentication should work.
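The permission checks behind this fix, together with the home-directory and ownership points raised in the comments below, as an added example that is not part of the original post. The function names are hypothetical, and it assumes sshd runs with its default StrictModes setting and that the script is run as the account owner.

```shell
# Added example (not from the original post). Function names are hypothetical.
# Assumes it is run as the account owner and that sshd uses StrictModes yes (its default).

# Print the path if group or other may write to it (mode & 022 != 0).
writable_by_others() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Print the path if group or other has any access at all (mode & 077 != 0).
accessible_by_others() {
    find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Print the path if its owner is neither the current user nor root.
wrong_owner() {
    find "$1" -prune ! -user "$(id -u)" ! -user 0 -print 2>/dev/null
}

# Usage: check_ssh_perms [home_dir]   (defaults to $HOME); returns 0 if clean.
check_ssh_perms() {
    home=${1:-$HOME}
    bad=0
    # Server side: sshd ignores authorized_keys when the home directory,
    # ~/.ssh or the file itself is group/other-writable or wrongly owned.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(writable_by_others "$p")" ]; then
            echo "FAIL group/other-writable: $p (fix: chmod go-w)"; bad=1
        fi
        if [ -n "$(wrong_owner "$p")" ]; then
            echo "FAIL wrong owner: $p (fix: chown)"; bad=1
        fi
    done
    # Client side: ssh refuses a private key that group or other can access.
    for k in "$home/.ssh/identity" "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -f "$k" ] || continue
        if [ -n "$(accessible_by_others "$k")" ]; then
            echo "FAIL private key open to group/other: $k (fix: chmod 600)"; bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK: $home"
    return "$bad"
}
```

Source the file and call check_ssh_perms on both machines; each FAIL line names the path to fix and the command to use.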
15 Comments so far
Thank you!! I’ve been frustrated with the reason why it tried the password method without finishing the publickey method…now it finally works!!
Comment by Vivek July 11, 2009 @ 02:50
You’re welcome
Comment by Ikhsan July 12, 2009 @ 09:05
Again, many thanks to you (and google). This was my problem too… cheers! -mt
Comment by Marshall October 28, 2009 @ 06:07
Thank you for posting this. However I tried all this and it still didn’t work. It turns out (according to the SSH FAQ) that you must also have the correct permissions on the server $HOME directory. Changing them to remove ‘group’ and ‘other’ write permission (e.g. 640) fixed it.
Comment by Eric Woudenberg November 24, 2009 @ 01:57
p.s. oops, make that ‘750’ or chmod go-w $HOME
Comment by Eric Woudenberg November 24, 2009 @ 02:00
Thx for the info
Comment by Ikhsan November 24, 2009 @ 09:31
thanks. the group permissions were holding me up.
Comment by Tom December 1, 2009 @ 09:41
Thanks for the detailed information.
I have tried all the above mentioned steps but ssh still asks for password.
I get the following message in the ssh verbose output
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pvarshneya/.ssh/id_dsa
debug1: read PEM private key done: type DSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
I think culprit here is ‘debug2: we did not send a packet, disable method’
Comment by Pooja January 14, 2010 @ 13:47
But i don’t know how to fix it.
Have you tried to change the security to the authorized_keys file to 644 ?
Comment by Ikhsan January 14, 2010 @ 15:44
Thanks, that cleared up my problem on a server I’d just rebuilt. I’d verified keys, verified the config matched other servers, etc… I was really dreading some sort of ‘generate a new key, test, propagate key change (rejections and new key) across GK-HowMany servers’ process that was going to be my move if teh Google hadn’t found your advice.
Comment by d2 March 3, 2010 @ 07:10
glad this solved your problem
Comment by ikhsan November 17, 2011 @ 10:31
Thanks!
Comment by alfredas November 16, 2011 @ 21:31
Comment by ikhsan November 17, 2011 @ 10:32
i tried ‘chmod 644 authorized_keys’ but i’m getting “chmod: authorized_keys: Operation not permitted.”………..
Comment by gabriel February 16, 2012 @ 13:03
plz help me solving this
OK. First, make sure that the authorized_keys file belongs to you. To do that, log in as root and do chown -R username.usergroup authorized_keys
Comment by ikhsan February 16, 2012 @ 15:56
Or
If you use Ubuntu, type: sudo chown -R username.usergroup authorized_keys. Replace username with your login, and usergroup with your login group.
After all that, redo the chmod command