I'm having a problem with the authentication of SSH on one of our test servers. I have configured the sshd_config
correctly yet the Authentication method shows only password auth.
[root@[client] ~]# ssh -v [server]
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to [server] [xxx.xx.xx.xxx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6
debug1: match: OpenSSH_4.6 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[server]' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: **Authentications that can continue: password,**
debug1: Next authentication method: password
root@[server] password:
What I'm expecting:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password because I have set this on my sshd_config:
Some relevant lines from my sshd_config
file:
PermitRootLogin yes
PermitRootLogin without-password
RSAAuthentication yes
PubkeyAuthentication yes
I don't know if this is a firewall issue or server side
My sshd_config
file:
ListenAddress 199.xx.xx.xx
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin yes
PermitRootLogin without-password
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
Also, some relevant permissions:
drwx------. 2 root root 4096 Sep 1 09:12 .ssh
-rw-r--r--. 1 root root 235 Aug 12 16:00 .ssh/authorized_keys
Even tried to forcefully use publickey authentication but is still user password as authentication
ssh -2 -vvv -o PubkeyAuthentication=yes -o RSAAuthentication=yes -o PasswordAuthentication=yes -o PreferredAuthentications=publickey [server]
debug3: Wrote 64 bytes for a total of 1277
debug1: Authentications that can continue: password,
debug3: start over, passed a different list password,
debug3: preferred publickey
debug1: No more authentication methods to try.
var/log/secure
Sep 3 10:43:09 crewtest sshd[47353]: Connection closed by xx.xx.xx.xx
It looks like you're running CentOS or RHEL (based on the fact your security file is
/var/log/secure
, as indicated in the comments on the question). By default OpenSSH under CentOS has very restrictive permissions requirements on the~/.ssh
directory andauthorized_keys
file.Set the mode to on
.ssh/authorized_keys
to600
(-rw-------
) and try the connection again.I am not sure but i think the AuthorizedKeysFile option in your sshd_config is wrong.
Try changging it to: