I'm trying to configure SSH access to my CentOS server using an RSA key rather than with a password but it refuses to accept the key. Here's what I've done so far:

On client machine (OSX):

```
ssh-keygen -b 4096 -C "me@myserver.com" -t rsa
# no passphrase
```

On Server (CentOS 5):

```
cat id_rsa.pub >> ~/.ssh/authorized_keys2
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
chmod go-w ~/

# Added to /etc/ssh/sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  .ssh/authorized_keys2

# and finally restart sshd
/sbin/service sshd restart
```

Back on the client trying to connect:

```
ssh me@myserver.com -v

debug1: Found key in /Users/jwood/.ssh/known_hosts:16
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/jwood/.ssh/identity
debug1: Offering public key: /Users/jwood/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Offering public key: /Users/jwood/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
me@myserver.com's password:
```

As you can see, it tries to use the public key and fails, falling back to password. What could be wrong with the config to cause this?

Thanks, J

JWood
  • If I remember correctly, CentOS has the line 'AuthorizedKeysFile .ssh/authorized_keys' in by default, did you remove that before adding the one for authorized_keys2? It might still be trying to read from there –  Jul 20 '11 at 12:00
  • That file does exist but the config file has been changed to use the new authorized_keys2 file. Is there any way to find out which file is being used? – JWood Jul 20 '11 at 12:52
  • `tail -f /var/log/secure` then ssh in and paste the results – Mike Jul 20 '11 at 13:15
  • Just tried that and nothing is appended to the log. All it shows is connection closed and 'server listening' messages. Is there a setting to enable more detailed logging? – JWood Jul 20 '11 at 13:32
  • @JWood Yes. stop sshd, and run it on the command line: `sshd -d` usually does the trick. If you need more messages, increase the number of `d`s. – Michael Lowman Jul 20 '11 at 21:08
  • If I stop sshd I'll be disconnected won't I? The server is remote and I have no physical access to it. – JWood Jul 21 '11 at 12:23

1 Answer

Make sure the authorized_keys2 file is all one line per key.

Mike
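
The check from the answer above, as an added example (not part of the original post and not OpenSSH code): a Python checker that reports every line of an authorized_keys-style file that does not hold one complete key, which is what a key pasted with line wraps looks like; options placed before the key type are skipped. The function names are assumptions made for this example, and `constructed_line()` builds its sample from constructed bytes, not a real key.

```python
import base64
import binascii
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + n > len(blob):
            raise ValueError("field runs past end of data")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out


def check_authorized_keys(text):
    """Return [(line_number, problem)] for lines that do not hold one whole key."""
    problems = []
    for num, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank lines and comments are allowed
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None:
            problems.append((num, "no key type (wrapped piece of a key?)"))
            continue
        data = tokens[idx + 1] if idx + 1 < len(tokens) else ""
        try:
            fields = _fields(base64.b64decode(data, validate=True))
        except (binascii.Error, ValueError) as exc:
            problems.append((num, "key data incomplete: %s" % exc))
            continue
        if not fields or fields[0] != tokens[idx].encode():
            problems.append((num, "key type does not match key data"))
    return problems


def constructed_line():
    """A structurally valid ssh-rsa line built from constructed, non-key bytes."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(1, 256)) * 2]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " me@myserver.com"
```

Pass the contents of the server's `~/.ssh/authorized_keys2` to `check_authorized_keys()`; an empty list means every non-comment line holds one whole key.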