SSH Key Problem Troubleshooting
I’ve wasted enough time with these seemingly simple tasks to warrant a quick post. The problem is that you’ve created keys, put the relevant files all over the place, but nothing seems to be working.
- Permissions
The permissions shown are the maximum, you could put less…authorized_keys and authorized_keys2 600 .ssh 700 Home Directory 711 Keys (id_dsa,id_rsa) 600 Public Keys (id_dsa.pub,id_rsa.pub) 644 - Account locked.
You created an account, created a key, got everything in the right location but you cannot ssh in using the key.
If you used useradd and didn’t set a password, then the acount is locked. Edit /etc/shadow and change
user:!!: to user:*: - SSH Permit
You forgot that you have an AllowUsers in /etc/ssh/sshd_config
Add the user to AllowUsers
AllowUsers previous users this user
Note: this allows the users: previous; users; this; and user access to the machine
You forgot that you have a DenyUsers in /etc/ssh/sshd_config
Remove the user from DenyUsers
Note: if this is your issue, you’ve been smoking too much weed - Still doesn’t work, you get key-error or protocol mismatch.
- You are using an rsa1 key on a host that supports only ssh2 (rsa and dsa keys).
Note to self: Get with it buddy, ssh1, “what’s with you man?” - You are using a dsa or rsa key on a host that supports only ssh1 (rsa1).
- You are using an rsa1 key on a host that supports only ssh2 (rsa and dsa keys).
April 5th, 2006 at 9:58 am
[...] « SSH Key Problem Troubleshooting [...]
January 14th, 2009 at 9:36 am
Thanks for the tips. It seemed that my problem/solution was not on your list. I had an issue where my keys were compromized. You can check it out here:
http://peppyheppy.com/2009/1/14/fail-compromised-ssh-public-key-on-ubuntu
February 12th, 2009 at 12:22 pm
Also, when trying to do root logins (only on SECURED systems):
1) make sure that you set: PermitRootLogin yes
2) make sure that you set the root directory properly in /etc/passwd (IE: /root/.ssh/authorized_keys doesn’t work if you have root homedir set to /)
3) Profit.
February 12th, 2009 at 12:25 pm
collect underpants?
March 5th, 2009 at 3:03 am
Very useful- also remember if setting up the key for a user other than root, that the authorized_keys file is owned by the correct user/group.
Cheers
July 14th, 2009 at 10:19 am
Also, if you used cut and paste method to create/enter key into authorized_keys, make sure the key is one continuous line and not broken by linefeeds or CRs.
July 16th, 2009 at 4:17 am
Thanks for the info, it helped me solve a problem with my ssh setup – which I was doing for the first time …
December 14th, 2009 at 9:20 am
Awesome…my problem was as simple as a permission problem. Thanks for the post.