Home / server / Questions / 122565
Accepted
aaron
Asked: 2010-03-16 04:29:13 +0800 CST

Enabling publickey authentication for server's sshd

  • 772

I have two servers running RHEL 5. Both have nearly identical configurations. I have set up RSA Publickey authetication on both, and one works but the other does not:

[my_user@client] $ ssh my_user@server1

--- server1 MOTD Banner ---

[my_user@server1] $

and on the other server:

[my_user@client] $ ssh my_user@server2
my_user@server2's password:

--- server2 MOTD Banner ---

[my_user@server2] $

server2's /etc/ssh/sshd_config file snippet:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile        .ssh/authorized_keys

When I run ssh -vvv I get the following snippet:

debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug3: Next authentication method: publickey
debug1: Offering public key: /home/my_user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentication that can continue: publickey,gssapi-with-mic,passowrd
debug1: Offering public key: /home/my_user/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentication that can continue: publickey,gssapi-with-mic,passowrd
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
my_user@server2's password:

EDIT: both the servers and the client's .ssh directories have 700 permissions, and all the files within have 644 or 600 permissions

redhat ssh rsa public-key

4 Answers

  1. have you checked the filesystem permission on both machines? sshd is a bit picky about permission on folder .ssh and the files in this folder.

    .ssh should have 700 and the files should have 644 or less.

    • 3

  2. This solution to this is going to be simple assuming you have not changed the sshd_config between the servers. You can run a diff against them to be sure.

    As Christian said, permissions are usually the most likely cause.

    If the permissions are accurate, there is going to be a mismatch between the private and public keypair on one of the servers.

    • 1

  3. Since the obvious responses have been aptly given, some other debugging options:

    perform a diff between .ssh/authorized_keys on server1 and server2

    Run the sshd daemon in the foreground with logging and it should give you the rationale for why it's rejected the authentication key.

    • 1
  4. Best Answer

    Christian and Warner were on the right track, it was a permissions error, but it was b/c of the home directory, not the .ssh directory:

    $# tail --f=n /var/log/secure
Mar 22 10:52:57 my_server2 sshd[6278]: Authentication refused: bad ownership or modes for directory /home/my_user

$# ls -la /home/my_user
drwxrwx--- 21 my_user my_user    4096 Mar 22  10:37 .
...

    After chmod'ing the directory to 755 the login worked correctly.

    • 0