SSH server won't recognize authorized_keys

Question

I've been trying to set up Git over SSH and have followed the guides I've seen to the letter. I use ssh-keygen to create a key set, log into the remote host and append the public key to .ssh/authorized_users using cat id_rsa.pub >> .ssh/authorized_keys. When I try to log in, I still get prompted for the user's (git user) password.

I also found a tutorial that showed how to use putty's keygen tool and followed that. Again, nothing. No variation of any tutorial I've found seems to get sshd on the remote host to allow me to log in with the generated key.

Is there any way to manually control this? I'm stuck on Red Hat Enterprise Linux 4 for now.

All else being equal, running `restorecon -R -v /root/.ssh` on the server side (not the connecting client) made a difference. — ADTC, Dec 11 '15 at 12:44

score 12 · Answer 1 · edited Aug 21 '23 at 23:18

12

Make sure permissions are correct:

$ chown <user> -R ~<user>/.ssh
$ chmod 700 ~<user>/.ssh
$ chmod 600 ~<user>/.ssh/authorized_keys

Also make sure that sshd_config has:

PubkeyAuthentication yes

edited Aug 21 '23 at 23:18

Erik Aronesty

306
2
8

answered Apr 17 '12 at 13:11

EEAA

109,363
18
175
245

Mine are aq bit more lax than that and still work - but this is probably a better idea! – Tom Newton Apr 17 '12 at 13:12

score 4 · Accepted Answer · answered Apr 17 '12 at 13:08

If you have access to the SSHd configuration you can check if PubkeyAuthentication is set to yes to allow public key authentication. If PubkeyAuthentication is set to no you will not be able to login with your public key and the server will prompt you for your password.

score 3 · Answer 3 · answered May 01 '18 at 15:07

If the user's home directory has group-write permissions, SSH will not permit public-key authentication, because otherwise any other member of the group could do the following and gain access to the user's account:

mv .ssh ..ssh
mkdir .ssh
cp ..ssh/* .ssh
echo "myfakekey" >> .ssh/authorized_keys

I see group-write home directories far, FAR too often. I've gone so far as to create a cron job to "chmod g-w" every homedir once an hour when the users have refused to heed my warnings.

Great answer, that was exactly what I was playing around with :) — neildaemond, Mar 20 '21 at 01:37

score 1 · Answer 4 · answered Apr 17 '12 at 13:13

1

Did you check this setting in sshd_config?

PubkeyAuthentication yes

Also check the permissions on .ssh and the private key .ssh needs to be 700 and the key 600.

answered Apr 17 '12 at 13:13

jkadijk

21
1

score 0 · Answer 5 · answered Oct 15 '22 at 02:28

0

To correctly set the permissions on windows, use icacls.exe:

icacls.exe "C:\Users\USERNAME.ssh\authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"

answered Oct 15 '22 at 02:28

IanJ

101

score 0 · Answer 6 · answered Apr 17 '12 at 13:09

0

Check the permissions on the authorized_keys file - 640 should be about right. SSH can be (rightly) picky about perms on these files and the .ssh directory which should be 755 at worst.

answered Apr 17 '12 at 13:09

Tom Newton

4,141
2
24
28

score 0 · Answer 7 · answered Apr 17 '12 at 13:30

0

Check for AuthorizedKeysFile in /etc/ssh/sshd_config. Perhaps it is specifying an alternate location. The server's auth.log should tell you the reason for the authentication failure. root access required.

answered Apr 17 '12 at 13:30

UtahJarhead

928
7
14

SSH server won't recognize authorized_keys

7 Answers7