2

I just set up my new server as I used to, and this time I can't log in using my private key.

The server is Ubuntu 11.04, and I have set up the following SSH key directories.

root@myserv: ls -la 
drwx------  2 root root 4096 Sep 23 03:40 .ssh

And in the .ssh directory, I have done chmod 640 authorized_keys.

Here are the SSH connection tracebacks:

OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to [my.server.ip] [[my.server.ip]] port 22.
debug1: Connection established.
debug1: identity file /Users/john/.ssh/id_rsa type -1
debug1: identity file /Users/john/.ssh/id_rsa-cert type -1
debug1: identity file /Users/john/.ssh/id_dsa type 1
debug1: identity file /Users/john/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ef:b8:8f:b4:fc:a0:57:7d:ce:50:36:17:37:fa:f7:ec
debug1: Host '[my.server.ip]' is known and matches the RSA host key.
debug1: Found key in /Users/john/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/john/.ssh/id_rsa
debug1: Offering RSA public key: /Users/john/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
root@[my.server.ip]'s password: 

Update:

I have found the reason, but I can't explain it yet.

It is caused by uploading the key using rsync -chavz instead of scp; after I used scp to upload my key, the issue was gone. Can someone explain it?

Later, I tried rsync -chv; still not working.

Kalle Richter
user61342
  • 2
    Quit using the wrong tool to copy keys. SSH even PROVIDES the proper tool to do that nowadays. If you used ssh-copy-id, this would just plain work. – Magellan Sep 23 '12 at 02:33

3 Answers

8

The permissions of the ~/.ssh directory should be 700.
The permissions of the ~/.ssh/authorized_keys file should be 600.

This is the quick formula for proper permissions on the server side.

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Another way to move the key is by using the ssh-copy-id command (if available) to copy a key from your system to the remote system. It corrects these permissions.

ewwhite
1

I had the same issue, but on a different platform.

For those who use Mac OS X and need the ssh-copy-id tool: it is available via

brew install ssh-copy-id

This assumes you are a Homebrew user for your packages on a Mac.

0

The real answer for this is:

Rsync preserves all the permissions and system attributes from my computer, and it won't work on the server.

After I executed chown root authorized_keys, it immediately started working.

user61342
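An added example, not part of any answer above: a small audit that applies both the permission advice and the ownership fix from the answers to an account's home directory, ~/.ssh and authorized_keys. It follows the rule sshd applies under StrictModes (each path owned by the account or root, and not writable by group or other), assumes GNU stat as found on Linux, and uses the hypothetical helper names check_path and check_ssh_perms.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes inspects for one account.
# Assumes GNU coreutils stat; check_path / check_ssh_perms are hypothetical names.

# check_path PATH UID: fail if PATH is missing, owned by someone other than
# UID or root, or writable by group/other.
check_path() {
    local path=$1 want_uid=$2 owner mode rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    owner=$(stat -c '%u' "$path")   # numeric owner
    mode=$(stat -c '%a' "$path")    # octal mode, e.g. 640
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $path owned by uid $owner (fix: chown $want_uid $path)"
        rc=1
    fi
    # 022 = group-write and other-write bits
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE     $path is $mode (fix: chmod go-w $path)"
        rc=1
    fi
    return $rc
}

# check_ssh_perms HOME_DIR UID: check the home directory, ~/.ssh and
# ~/.ssh/authorized_keys; returns 0 only if all three pass.
check_ssh_perms() {
    local home=$1 uid=$2 rc=0 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK       $home passes ownership and mode checks"
    return $rc
}

# Command-line use, e.g. for the root account in the question:
#   sh check_ssh_perms.sh /root 0
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Under this rule the mode 640 from the question passes, while a file whose numeric owner was carried over from another machine is reported as OWNER, which matches the chown fix in the last answer.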