Passwordless SSH not working

Question

I have set up passwordless ssh authentication (via authorized_keys) numerous times successfully and with ease, usually on servers that did not have any custom ssh-related configuration changes prior to that.

Now I need to set it up on a CentOS server where another person previously disabled this feature due to "security concerns" expressed by an ill-informed manager. That person is no longer available and I cannot figure out how to make this work.

I have this in the sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  %h/.ssh/authorized_keys
UsePAM yes

There are other settings, but I thought they did not make a difference. Any suggestions what I should check to make this work?

Permissions on `authorized_keys` and `.ssh`? try connecting with `-vv` and post the results. — Bart De Vos, May 18 '11 at 15:13
What error message are you seeing ? Can you add the ouput of `ssh -vvv ...` to you question? — user9517, May 18 '11 at 15:13
It was the permissions on authorized_keys, now I almost feel stupid ;). But not as stupid as I would have been if I kept torturing the sshd config to try to get it to work :) — SaltyNuts, May 18 '11 at 15:23

score 6 · Accepted Answer · edited May 18 '11 at 15:31

6

The most common reason I have seen is permissions to ~/.ssh/authorized keys is too permissive. The authorized keys file must have read/write ONLY for the owner (chmod 600 ~/.ssh/authorized_keys). The directory itself can also not allow any writes (chmod 700 ~/.ssh)

edited May 18 '11 at 15:31

EEAA

109,363
18
175
245

answered May 18 '11 at 15:14

Alex

6,603
1
24
32

chmod 600 ~/.ssh/authorized keys I think – Paweł Brodacki May 18 '11 at 15:17
You are correct...bad place to typo :) – Alex May 18 '11 at 15:19
I cannot believe I got fooled by this simple thing! Thank you! – SaltyNuts May 18 '11 at 15:20

score 4 · Answer 2 · answered May 18 '11 at 15:15

You can actually comment out AuthorizedKeysFile, as it's the default.

What's the server logging when failing currently? Have you checked permissions on .ssh and authorized_keys and/or disabled StrictModes?

Increase the LogLevel if necessary and/or run sshd in detached mode.

score 2 · Answer 3 · answered May 18 '11 at 15:17

2

Quick-and-dirty solution: copy /etc/ssh/sshd_config and /etc/ssh/ssh_config from a server where it works.

You could also strip all comments from the files on working and non-working server (e.g. run egrep -v '^#' /etc/ssh/sshd_config | sort | uniq and compare results on both servers.

Also look at the directory and file permissions, as Alex suggested.

answered May 18 '11 at 15:17

Paweł Brodacki

6,511
20
23

vote up for the very handy grep command – SaltyNuts May 18 '11 at 15:21
ssh_config controls the client-side of ssh, copying it to the server you want to connect to is not useful. – rsl May 18 '11 at 15:27
Right, there's no point copying client's config to the server side. – Paweł Brodacki May 19 '11 at 05:48

Passwordless SSH not working

3 Answers3