If you still can't get it to work with all the comments here that modify `/etc/ssh/sshd_config`, check out this line from `man sshd` on OSX, under the FILES section:
~/.ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described above.
The content of the file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others.
**If this file, the ~/.ssh directory, or the user's home directory are writable by other users, then the file could be modified or replaced by
unauthorized users. In this case, sshd will not allow it to be used unless the StrictModes option has been set to ``no''.**
So you can set, in `/etc/ssh/sshd_config`:

```
StrictModes no
```
(I didn't test that way), or ensure that the permissions of the files mentioned above in the doc are correct:
```
chmod 0600 ~/.ssh/authorized_keys
chmod 0700 ~/.ssh
```
Setting permissions for `~` is more complex, since it may have special attributes like setuid bit, etc. First, use stat to find the actual, absolute, octal permissions of `~`:

```
stat -f %Op ~
```
The syntax for stat seems to be different on the osx version than on the GNU version. For me, this initially output:
```
40777
```
The last two 7's mean that it's `rwx` for group and others; we need them to be 5, to remove write permissions for group and others, as specified in the doc: only the user can have write on `~`. So, perform:

```
chmod 40755 ~
```
NOTE: only change the last two numbers; if you change anything else, you'll be changing your permissions (the third octal number), or special file properties (anything before the last three octal numbers).
After doing this, public key authentication finally worked. Worth it.
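
The check from the quoted man page text, as an added example that is not part of the original answer: it reports which of the home directory, `~/.ssh` and `~/.ssh/authorized_keys` are writable by group or others. The function names are hypothetical, it uses POSIX `find -perm` instead of `stat` so it behaves the same on OSX and GNU systems, and it looks only at the write bits named in the quote, not at ownership.

```shell
#!/bin/sh
# Added example (not from the original answer): find the paths whose
# group/other write bits would make sshd ignore authorized_keys.

# Succeeds (0) when the path is writable by group or by others.
# find -prune keeps find from descending; -perm -MODE is POSIX.
is_loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_ssh_perms HOME_DIR
# Prints one line per problem and returns the number of writable paths,
# so a return value of 0 means the write bits are fine.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            # A missing path is reported but not counted.
            echo "missing: $p"
            continue
        fi
        if is_loosely_writable "$p"; then
            echo "writable by group or others: $p"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Stand-alone use: sh check.sh "$HOME"   (the script name is an assumption)
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
    exit $?
fi
```

Run it against the account's home directory before and after the `chmod` steps; an exit status of 0 means none of the three paths is group- or other-writable.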