I have successfully created key-based auth for the root user from my A machine to my B machine.
Now, I created a new user on B machine, the same as on A machine, let's call him USER. I created a home dir for him on B machine, /home/USER, and I want to create key-based auth for him from machine A to B machine.
So, I ran on A machine ssh-keygen -t rsa, accepted all paths (so /home/USER/.ssh/id_rsa) and with no phrases, and ssh-copy-id -i /home/USER/.ssh/id_rsa.pub USER@BmachinesIP, entered password and got the message
Now try logging into the machine bla bla bla
So everything seems to be OK.
But when I tried to connect with ssh USER@BmachinesIP I was asked for a password.
I tried to see the log and ran ssh -vvv USER@BmachinesIP and here is a part of the output:
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/USER/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/USER/.ssh/id_dsa
debug3: no such identity: /home/USER/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
USER@BmachinesIP's password:
So, can anyone tell me what I've done wrong or what I should change? Maybe the issue is in the permissions, here they are:
on A machine:
drwx------ 2 USER USER SIZE DATE TIME .ssh
-rw------- 1 USER USER 1675 2011-10-31 14:36 id_rsa
-rw-r--r-- 1 USER USER 413 2011-10-31 14:36 id_rsa.pub
and on B machine:
drwx------ 2 USER defaultGroup SIZE DATE TIME .ssh
-rw------- 1 USER defaultGroup SIZE DATE TIME authorized_keys
Same problem for me, fresh CentOS7 install. I checked permissions. Played with /etc/ssh/sshd_config settings && service sshd restart. Client (ssh -vvv) logs "debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply". Server logs "Failed publickey for * from * port * ssh2: RSA *". Try "LogLevel VERBOSE" in sshd_config. INTERESTING: If I run sshd on a different port, 'sshd -p 5555 -d', the key works. Passwordless login ok. WTF? Well. Then I disabled selinux. Rebooted. Passwordless login worked ok. – gaoithe – 2016-05-04T12:33:21.367
Wow. Amazing that there is zero debug output about permissions even though they are central to proper public key config. – jchook – 2013-02-18T16:47:56.553
Wow, you are right. Now it's working.... though I really want to keep the permission it had originally (775). Any clue about how to change that? – Pablo Olmos de Aguilera C. – 2013-04-07T22:54:49.893
Seems that there's no way; the only workaround would be to set StrictModes no in sshd_config. :/ – Pablo Olmos de Aguilera C. – 2013-04-07T23:02:34.193
Essentially you need these permissions: chmod o-w ~/; chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys, then it works. Copied from the answer of Maxime R. from here: http://askubuntu.com/questions/54670/passwordless-ssh-not-working – erik – 2013-07-30T21:27:05.197
I've done all these permissions changes, and it still asks me for a password when I ssh. I've also verified that the private key is the same on both machines (Ubuntu). Pretty puzzled. – Amalgovinus – 2014-06-17T02:05:39.037
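The permission requirements discussed in the comments above, as an added example that is not part of the original thread: a POSIX shell check that flags the paths sshd's StrictModes would reject on the B machine. It assumes stock OpenSSH behaviour (no group or other write bit on the home directory, ~/.ssh and authorized_keys); the function names and the temporary test tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: stock OpenSSH StrictModes,
# which refuses keys when the home directory, ~/.ssh or authorized_keys is
# writable by group or others.

# loose PATH: succeed if PATH has the group or other write bit set.
# Reads the mode string from `ls -ld` (position 6 = group w, 9 = other w).
loose() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# check_ssh_perms HOME_DIR: print one line per problem; succeed if none.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1
        elif loose "$p"; then
            echo "WRITABLE $p (group/other write bit set)"; bad=1
        fi
    done
    [ "$bad" -eq 0 ]
}

# Demo on a constructed tree that reproduces the 775 home directory case.
demo() {
    d=$(mktemp -d)
    mkdir -m 700 "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    chmod 775 "$d"
    if check_ssh_perms "$d"; then echo "before fix: ok"; else echo "before fix: rejected"; fi
    chmod go-w "$d"
    if check_ssh_perms "$d"; then echo "after fix: ok"; else echo "after fix: rejected"; fi
    rm -rf "$d"
}
demo
```

Run check_ssh_perms /home/USER on the B machine as that user or as root. On SELinux hosts such as the CentOS 7 case above, a mislabelled ~/.ssh can give the same symptom with correct modes; restorecon -R -v ~/.ssh relabels it without disabling SELinux.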