
SSH Key Problem Troubleshooting


By thomas - Posted on 05 April 2006

I've wasted enough time with these seemingly simple tasks to warrant a quick post. The problem is that you've created keys, put the relevant files all over the place, but nothing seems to be working.
  • Permissions
    authorized_keys and authorized_keys2: 600
    .ssh: 700
    Home Directory: 711
    Keys (id_dsa, id_rsa): 600
    Public Keys (id_dsa.pub, id_rsa.pub): 644
    The permissions shown are the maximum; you could use more restrictive ones.
  • Account locked.
    You created an account, created a key, got everything in the right location but you cannot ssh in using the key.
    If you used useradd and didn't set a password, then the account is locked. Edit /etc/shadow and change
    user:!!: to user:*:
  • SSH Permit
    You forgot that you have an AllowUsers in /etc/ssh/sshd_config
    Add the user to AllowUsers
    AllowUsers previous users this user
    Note: this allows the users: previous; users; this; and user access to the machine
    You forgot that you have a DenyUsers in /etc/ssh/sshd_config
    Remove the user from DenyUsers
    Note: if this is your issue, you've been smoking too much weed
  • Still doesn't work, you get key-error or protocol mismatch.
    • You are using an rsa1 key on a host that supports only ssh2 (rsa and dsa keys).
      Note to self: Get with it buddy, ssh1, "what's with you man?"
    • You are using a dsa or rsa key on a host that supports only ssh1 (rsa1).
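
The permission maxima from the checklist above, turned into a check that lists every path looser than its maximum. This is an added example, not code from the original post; the function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag paths that are more permissive than the checklist maxima.

# mode_of PATH: print octal permission bits (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# exceeds_max MODE MAX: succeed if MODE sets any bit that MAX does not.
exceeds_max() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# check_ssh_perms HOME: print "path mode max" for each existing path that is
# too permissive; return 1 if any was found, 0 otherwise.
check_ssh_perms() {
    home=$1 bad=0
    while read -r rel max; do
        path=$home/$rel
        [ "$rel" = . ] && path=$home
        [ -e "$path" ] || continue
        mode=$(mode_of "$path")
        if exceeds_max "$mode" "$max"; then
            echo "$path $mode $max"
            bad=1
        fi
    done <<EOF
. 711
.ssh 700
.ssh/authorized_keys 600
.ssh/authorized_keys2 600
.ssh/id_dsa 600
.ssh/id_rsa 600
.ssh/id_dsa.pub 644
.ssh/id_rsa.pub 644
EOF
    return $bad
}

# Constructed demo tree (not real user data) with two deliberately loose modes.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 711 "$demo"; chmod 755 "$demo/.ssh"; chmod 664 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo" || echo "tighten the paths listed above"
rm -rf "$demo"
```

To check a real account, call `check_ssh_perms` with that user's home directory as the argument.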

Solved some of my problems!

Another (fairly basic, but oh so annoying if you fail) is the spelling of authorized_keys. It needs to be authorized_keys and not authorized_leys as I tried. :)


The minimum permissions for the user's homedir are not 711, but 755 (r-x for group/others). Tested with these permissions and the keys worked.
Great article, by the way - helped me troubleshoot some bad permissions :)


Thank you. I too have beaten my head on this over, and over, and over, for years. For me, g+w on the home directory was an issue. And several years ago when I finally figured out all this stuff, I wrote some post somewhere so that no one would have to suffer. But I couldn't find it :-)

Thanks!

Thank you for the great post. I was scratching my head over a non-working ssh keys setup but managed to resolve it using the checklist you've put together here :)

Awesome...my problem was as simple as a permission problem. Thanks for the post.

Thanks for the info, it helped me solve a problem with my ssh setup - which I was doing for the first time ...

Also, if you used cut and paste method to create/enter key into authorized_keys, make sure the key is one continuous line and not broken by linefeeds or CRs.

Very useful- also remember if setting up the key for a user other than root, that the authorized_keys file is owned by the correct user/group.

Cheers

collect underpants?

Also, when trying to do root logins (only on SECURED systems):

1) make sure that you set: PermitRootLogin yes
2) make sure that you set the root directory properly in /etc/passwd (IE: /root/.ssh/authorized_keys doesn't work if you have root homedir set to /)
3) Profit.

Thanks for the tips. It seemed that my problem/solution was not on your list. I had an issue where my keys were compromised. You can check it out here:

http://peppyheppy.com/2009/1/14/fail-compromised-ssh-public-key-on-ubuntu

