Home / server / Questions / 1032028
In Process
einpoklum
Asked: 2020-08-31 00:10:16 +0800 CST

authorized_keys has my key, but it's still refused

  • 772

I'm connecting from machine M1 to machine M2 using ssh (to the same user on the other machine). I should also mention the user shares the same key on both machines. With password authentication, everything works fine; not so with public-key authentication; I've ensured ~/.ssh/authorized_keys on M2 has the RSA key as authorized, but still - ssh falls back to password authentication. I get the following with ssh -vvv:

debug2: key: /home/joeuser/.ssh/id_rsa (0x7f42679e8200),
debug2: key: /home/joeuser/.ssh/id_dsa ((nil)),
debug2: key: /home/joeuser/.ssh/id_ecdsa ((nil)),
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/joeuser/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/joeuser/.ssh/id_dsa
debug3: no such identity: /home/joeuser/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/joeuser/.ssh/id_ecdsa
debug3: no such identity: /home/joeuser/.ssh/id_ecdsa: No such file or directory
debug2: we did not send a packet, disable method

I should mention that I am able to connect using public-key authentication from other machines (not with the same key).

What are the potential reasons for key-based authentication failing in this case?

Note: The machines are both SLES (SuSE Linux Enterprise Server) 11.

authentication ssh public-key

2 Answers

  1. Check the basics:

    1. id_rsa and id_rsa.pub exist on both M1 and M2
    2. id_rsa has permission 600 (i.e only the owner can read-write) on both M1 and M2
    3. authorized_keys file has key pasted as a single line (no line break)
    4. Permission of authorized_keys is 600
    5. Typically, permission on my .ssh folder is 600 (default)
    6. Check the permission of each folder /home all way up to .ssh
    7. I know you want to use RSA, but try DSA key and see if it works. If it does, then we'll have zeroed in SSH and RSA config.
    • 1

  2. The error you get is

    /home/joeuser/.ssh/id_dsa: No such file or directory

    Make sure this file exists, contains the private key that corresponds to the public key that you've added, belongs to joeuser and has 600 user permissions:

    sudo chown joeuser /home/joeuser/.ssh/id_dsa
sudo chmod 600 /home/joeuser/.ssh/id_dsa

    You should also try to explicitly define the private key like this:

    ssh -i ~/.ssh/id_rsa [email protected]

    If you are not sure if this is the right key then I'd recommend to create a new RSA key pair

    ssh-keygen -b 4096

    and add the content of the public key ~/.ssh/id_rsa.pub to the authorized_keys file of the remote server. Make sure that you don't overwrite an existing private key that you still need to login to other servers!

    • -1