I'm trying to setup passwordless login for from my mac to my remote server running CentOS with public key authentication for "user1".
I used $ ssh-keygen -t rsa to setup a public key on my mac and then copied the mykey.pub file over to the CentOS user1's .ssh dir and then did a
cat mykey.pub >> authorized_keys
in the .ssh dir.
I've also set the permissions for the .ssh dir to 700 and the authorized_keys to 600.
when I do a:
ssh [email protected]
It still prompts me for my password. What's going on?
Here is a copy of my sshd_config file on the remote machine:
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
More info:
Here is my output for ssh -v. I think the system defaulted to using the id_rsa.pub instead of the mykey.pub and the mykey (private key file) that I named.
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to myremoteserver.com [1.1.1.1 (fake IP)] port 22.
debug1: Connection established.
debug1: identity file /Users/LocalUser/.ssh/identity type -1
debug1: identity file /Users/LocalUser/.ssh/id_rsa type -1
debug1: identity file /Users/LocalUser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'myremoteserver.com' is known and matches the RSA host key.
debug1: Found key in /Users/LocalUser/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/LocalUser/.ssh/identity
debug1: Trying private key: /Users/LocalUser/.ssh/id_rsa
debug1: Trying private key: /Users/LocalUser/.ssh/id_dsa
debug1: Next authentication method: password
How does one tell the system to use mykey instead of the id_rsa?
When you create a public key, you are also creating a private key, called id_rsa
The id_rsa file should be in the connecting users .ssh folder, and the permissions set as you described for the server.
If it is present, then try
This will give you more detailed logging and will provide more clues as to why it isn't working.
Looks like your real question is right at the end:
With the
-iflag.FTFM:
So then: