5

I'm working on a (Debian) Dreamhost VPS, and it seems to want password-based authentication only: adding my RSA and DSA public keys to ~/.ssh/authorized_keys did not change the behavior of requiring a password to log in.

How can set the server up so it can accept ~/.ssh/authorized_keys?

Teun Zengerink
  • 199
  • 5
  • 13
Christos Hayward
  • 1,162
  • 3
  • 16
  • 35

5 Answers5

16

You will need to edit /etc/ssh/sshd_config as follows:

# Both of these are probably already there, but commented
PubkeyAuthentication yes
# The next line makes sure that sshd will look in 
# $HOME/.ssh/authorized_keys for public keys
AuthorizedKeysFile      %h/.ssh/authorized_keys

Additionally, if you want to disable password authentication alltogether (which is usually a good idea, if you use keypairs), add the following:

# Again, this rule is already there, but usually defaults to 'yes'
PasswordAuthentication no

After that, restart ssh by issueing /etc/init.d/sshd restart and you should be fine!

The above assumes you have already properly created the .ssh dir with the proper permissions.

This means you set chmod 0700 to ~/.ssh.

Aron Rotteveel
  • 8,449
  • 17
  • 53
  • 64
4

Here are the steps: 1. Upload your public key to the site and add it to the ~/.ssh/authorized_keys file. 2. Ensure that the authorized keys has attributes of 0600 (chmod 0600 ~/.ssh/authorized_keys) 3. Now try to ssh, if you using putty, run the pageant and load your private key.

mnain
  • 49
  • 1
  • 1
    This is *incorrect* and *not really an answer to the question*: 1) The question author has already indicated that he created the `authorized_keys` file. 2) `authorized_keys` should be flagged with 0644, not 0700. – Aron Rotteveel Sep 17 '11 at 13:59
  • 3
    ARAIR authorized_keys should be 0600 and .ssh should be 0700. And I believe this is correct answer, as (from my experience) in 99% cases publickey auth does not work to due to options in sshd_config, but due to wrong permissions. – rvs Sep 17 '11 at 14:03
  • 1
    @rvs seems that 0600 works fine indeed as well, so you're right. Chmod 0700 on .ssh is of course still necessary. – Aron Rotteveel Sep 17 '11 at 14:09
2

Also check owner and permission on your home directory. You must own your home directory and permission should not be more than 755.

These settings are unusual, but it is difficult to understand when it happens.

Jérôme Pouiller
  • 131
  • 3
0

Pub keys go in "authorized_keys2", note the 2. As someone else posted above, you can adj the sshd configuration to use your "authorized_keys" file if you wish.

Craig Constantine
  • 759
  • 8
  • 22
0

This was also causing me issues on a server which our SysAdmins use as a jumphost. It was pointed out to me that each user has to be created locally, such that /home/user[123]/authorized_keys has to exist and contain their pub key. Said file needs to be chown'ed as user1:user1.

ssh-rsa ...insert pub key string... user1@local

Creating ~/.ssh/config locally, on the near host, also helps connect faster and define a useful option, namely 'EscapeChar ~'

This may or may not be necessary, chmod 0600 /user1/.ssh/authorized_keys and chmod 0700 /root/.ssh/. It did not help me during my first attempts to troubleshoot.

Edit /etc/ssh/sshd_config and uncomment:

AuthorizedKeysFile      %h/.ssh/authorized_keys
masegaloeh
  • 18,236
  • 10
  • 57
  • 106
Marcos Mota
  • 1
  • 1