2

I am having difficulties logging in to a VPS running CentOS 5.5 using public key authentication. I can log in to both a standard user account and the root account using password authentication. I am using Windows and Cygwin; all Cygwin and Windows stuff has been working completely fine for months; I am sure the issue is server side.

I have used `ssh-keygen` to create both an `id_rsa` private key and an `id_rsa.pub` public key. I have copied this into the user directory on the server and done `cat id_rsa.pub >> authorized_keys`. My `/home/myuser/.ssh` directory is set to `700`, the `authorized_keys` file is set to `600`.

When logging in my system reports the following (-vvv):

```
Next authentication method: publickey
Offering RSA public key /.ssh/id_rsa
send_pubkey_test
we sent a publickey packet, wait for reply
Authentications that can continue: publickey,password
```

It then asks me for a password. From my server's `/var/log/auth` file I have the following related to the public key process:

```
sshd[28249]: input_userauth_request: try method publickey
sshd[28249]: test whether pkalg/pkblob are acceptable
sshd[28249]: mm_key_allowed entering
sshd[28249]: mm_request_send entering: type 21
sshd[28249]: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
sshd[28249]: mm_request_receive_expect entering: type 22
sshd[28248]: monitor_read: checking request 21
sshd[28249]: mm_request_receive entering
sshd[28248]: mm_answer_keyallowed entering
sshd[28248]: mm_answer_keyallowed: key_from_blob: 0x2b6ea1049910
sshd[28248]: temporarily_use_uid: 10022/10022 (e=0/0)
sshd[28248]: trying public key file /home/myuser/.ssh/authorized_keys
sshd[28248]: secure_filename: checking '/home/myuser/.ssh'
sshd[28248]: secure_filename: checking '/home/myuser'
sshd[28248]: secure_filename: terminating check at '/home/myuser'
sshd[28248]: restore_uid: 0/0
sshd[28248]: key not found
sshd[28248]: temporarily_use_uid: 10022/10022 (e=0/0)
sshd[28248]: trying public key file /home/myuser/.ssh/authorized_keys
sshd[28248]: secure_filename: checking '/home/myuser/.ssh'
sshd[28248]: secure_filename: checking '/home/myuser'
sshd[28248]: secure_filename: terminating check at '/home/myuser '
sshd[28248]: restore_uid: 0/0
sshd[28248]: key not found
sshd[28248]: Normalising mapped IPv4 in IPv6 address
sshd[28248]: Failed publickey for myuser from 87.115.220.187 port 59636 ssh2
```

As if it can't find the `authorized_keys` file. However, the command `nano /home/myuser/.ssh/authorized_keys` opens the file without issue.

From /etc/ssh/sshd_config:

```
PubkeyAuthentication yes
AuthorizedKeysFile  .ssh/authorized_keys
```

Some people have reported that line breaks in the `authorized_keys` file can cause issues, so I've made sure there are none (only 1 key in it anyway). The file begins with `ssh-rsa`, then has the long key and finally a space and `M1ke@M1ke-PC`.

Anyone got any ideas?

M1ke
  • Also, the `myuser` directory is set to `700`. Can't remember if I did that or it was already that way. – M1ke Mar 10 '12 at 19:00
  • What about file ownerships? Does `myuser` own all the relevant dirs and files on the server side? – Steven Monday Mar 10 '12 at 19:58
  • Can you append the following output to your question: `ls -ld /home/myuser/.ssh{,/authorized_keys}`. I suspect that perhaps the user doesn't own the directory and file? – Belmin Fernandez Mar 10 '12 at 20:01
  • Run sshd with debug, then it logs very clear info about permission issues via syslog. – jirib Mar 10 '12 at 20:28
  • @JiriXichtkniha In RHEL/CentOS this sort of information is logged to `/var/log/secure` without any modification to the configuration. – Kyle Smith Mar 10 '12 at 22:11
  • I posted the sshd debug log in the question. That output is with debug3 which I guess is the most verbose available, but if there's more let me know, as that info still doesn't explain everything. – M1ke Mar 11 '12 at 04:03
  • To my knowledge the files and dirs are owned by my user, they appear this way in FileZilla if I browse to the dir. Will check in the morning with ls. – M1ke Mar 11 '12 at 04:05
  • I can confirm that the /myuser & /myuser/.ssh directories are and the authorized_keys file is owned by myuser:myuser. – M1ke Mar 11 '12 at 11:20
  • Please post `ssh -vvv mouser@SERVER` output from the Windows machine. – Dmitry Alexeyev Mar 11 '12 at 17:57
  • Edited it in, doesn't seem to add much but there we go. – M1ke Mar 11 '12 at 19:25
  • Try running `col < authorized_keys >authorized_keys.bak` ; `mv authorized_keys.bak authorized_keys` to fix line breaks. – Dmitry Alexeyev Mar 11 '12 at 19:34
  • No effect, the file is in the format `ssh-rsa *380 character string* M1ke@M1ke-PC` with no line breaks. – M1ke Mar 11 '12 at 19:51
  • Have you tried copying your private key to the server and logging in with it locally? – Dmitry Alexeyev Mar 11 '12 at 20:10
  • I'm unsure how to do that; are you meaning to SSH in to the server and then using that to SSH back into my client? – M1ke Mar 12 '12 at 10:27

2 Answers

3

If you really did do this `cat id_rsa.pub < authorized_keys`, then your `authorized_keys` file won't contain a public key to match the private key you are using, so ssh falls back to password authentication. To fix the problem, run

```
cat id_rsa.pub >>authorized_keys
```

to add the new public key to your `authorized_keys`.

user9517
  • Um, no. `cat id_rsa.pub < authorized_keys` doesn't overwrite anything. But it definitely doesn't do anything useful, either. I suspect the question simply has a typo, replacing `<` for `>`. – Steven Monday Mar 10 '12 at 23:08
  • You're right! But if the OP did that then `authorized_keys` still won't have the correct public key and would be asked for the password. – user9517 Mar 10 '12 at 23:11
  • True, but later in the question, OP mentions that he has inspected the `authorized_keys` file, and that it does contain (what he assumes to be) his public key. – Steven Monday Mar 10 '12 at 23:16
  • ass u me - without any other evidence ... – user9517 Mar 10 '12 at 23:19
  • Aha, now I believe I can agree with your answer. +1. – Steven Monday Mar 10 '12 at 23:30
  • Steven is right, the file contains my public key (or at least, is identical to my public key) so I typo'd on that command in the question. – M1ke Mar 11 '12 at 04:01
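
The server-side conditions raised in this thread (ownership and write permissions on the path sshd walks in `secure_filename`, and whether the offered key really sits on one line of `authorized_keys`) can be checked in one pass. This is an added example, not code from any poster; the function names are made up here, and it assumes GNU `stat` and that a copy of `id_rsa.pub` is on the server.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat (coreutils).

# A path passes if it is owned by the user (or root) and is not
# group- or world-writable, which is what sshd's secure_filename requires.
check_path() {
    path=$1; owner=$2
    info=$(stat -c '%a %U' "$path") || return 2
    mode=${info%% *}; actual=${info#* }
    if [ "$actual" != "$owner" ] && [ "$actual" != "root" ]; then
        echo "BAD owner $actual: $path"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD mode $mode: $path"; return 1
    fi
    return 0
}

# Succeeds only if the base64 blob from the .pub file appears intact as one
# field of a line in authorized_keys. A key wrapped across lines fails here;
# a key preceded by options (e.g. no-pty) still matches.
key_listed() {
    pub=$1; auth=$2
    blob=$(awk 'NR==1 {print $2}' "$pub")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$auth"
}

# Walk home, .ssh and authorized_keys, then compare the key itself.
check_pubkey_login() {
    home=$1; user=$2; pub=$3; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$user" || rc=1
    done
    if ! key_listed "$pub" "$home/.ssh/authorized_keys"; then
        echo "key from $pub not found on a single line of authorized_keys"
        rc=1
    fi
    return $rc
}

# Usage on the server: sh check.sh /home/myuser myuser /home/myuser/id_rsa.pub
if [ $# -eq 3 ]; then
    check_pubkey_login "$@"
fi
```

A clean run prints nothing and exits 0; each failed condition prints one line naming the path or the missing key.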
0

Is SELinux enabled? If yes, the file requires context to be set.

Shyam Sundar C S