You are hereSSH Key Problem Troubleshooting
SSH Key Problem Troubleshooting
I've wasted enough time with these seemingly simple tasks to warrant a quick post. The problem is that you've created keys, put the relevant files all over the place, but nothing seems to be working.
- Permissions
The permissions shown are the maximum, you could put less...authorized_keys and authorized_keys2 600 .ssh 700 Home Directory 711 Keys (id_dsa,id_rsa) 600 Public Keys (id_dsa.pub,id_rsa.pub) 644 - Account locked.
You created an account, created a key, got everything in the right location but you cannot ssh in using the key.
If you used useradd and didn't set a password, then the acount is locked. Edit /etc/shadow and change
user:!!: to user:*: - SSH Permit
You forgot that you have an AllowUsers in /etc/ssh/sshd_config
Add the user to AllowUsers
AllowUsers previous users this user
Note: this allows the users: previous; users; this; and user access to the machine
You forgot that you have a DenyUsers in /etc/ssh/sshd_config
Remove the user from DenyUsers
Note: if this is your issue, you've been smoking too much weed - Still doesn't work, you get key-error or protocol mismatch.
- You are using an rsa1 key on a host that supports only ssh2 (rsa and dsa keys).
Note to self: Get with it buddy, ssh1, "what's with you man?" - You are using a dsa or rsa key on a host that supports only ssh1 (rsa1).
- You are using an rsa1 key on a host that supports only ssh2 (rsa and dsa keys).
Tags
Solved some of my problems!
Another (fairly basic, but oh so annoying if you fail) is the spelling of authorized_keys. It needs to be authorized_keys and not authorized_leys as I tried. :)
[...] Shared SSH Key Problem Troubleshooting. [...]
The minimum permissions for the user's homedir are not 711, but 755 (r-x for group/others). Tested with these permissions and the keys worked.
Great article, by the way - helped me troubleshoot some bad permissions :)
[...] the guy in the post was having might just be permission or other key problems…here’s my checklist for [...]
Thank you. I too have beaten my head on this over, and over, and over, for years. For me, g+w on the home directory was an issue. And several years ago when I finally figured out all this stuff, I wrote some post somewhere so that no one would have to suffer. But I couldn't find it :-)
Thanks!
Thank you for the great post. I was scratching my head over a non-working ssh keys setup but managed to resolve it using the checklist you've put together here :)
Awesome...my problem was as simple as a permission problem. Thanks for the post.
Thanks for the info, it helped me solve a problem with my ssh setup - which I was doing for the first time ...
Also, if you used cut and paste method to create/enter key into authorized_keys, make sure the key is one continuous line and not broken by linefeeds or CRs.
Very useful- also remember if setting up the key for a user other than root, that the authorized_keys file is owned by the correct user/group.
Cheers
collect underpants?
Also, when trying to do root logins (only on SECURED systems):
1) make sure that you set: PermitRootLogin yes
2) make sure that you set the root directory properly in /etc/passwd (IE: /root/.ssh/authorized_keys doesn't work if you have root homedir set to /)
3) Profit.
Thanks for the tips. It seemed that my problem/solution was not on your list. I had an issue where my keys were compromized. You can check it out here:
http://peppyheppy.com/2009/1/14/fail-compromised-ssh-public-key-on-ubuntu
[...] « SSH Key Problem Troubleshooting [...]
Post new comment