8

I was able to set up ssh login using public keys for root users and tried to apply the same logic for non-root users. I have tried to troubleshoot this issue in vain. I am using CentOS for both my local machine and remote server.

Here is a gist of my sshd_config file at my remote server:

RSAAuthentication yes
PublicKeyAuthentication yes
AuthorizedKeysFile /etc/ssh/user/authorized_keys

PasswordAuthentication no

UsePAM no

PermitRootLogin without-password

I have moved my authorized keys file away from the user's home to /etc/ssh/user/authorized_keys as I read about home dir encryption in centos.

I have also changed the ownership of all files/dirs associated to the non-root user.

Not sure what step I am missing in my config as the same config works very well for root remote logins.

user2887201

2 Answers

6

Remove the authorized_keys entry in your config file. Restart sshd. Make a .ssh directory in your non-root user's home directory. Put the key in a file called ~/.ssh/authorized_keys. Make the directory 0700 and the authorized_keys file 0644. Do the same for the root user.

dmourati
  • Do you want me to use the same authorized_keys file for both root and non-root user? – user2887201 Nov 17 '13 at 04:20
  • Up to you............... – dmourati Nov 17 '13 at 04:21
  • I am still getting the same permission denied (publickey,gssapi-keyex,gssapi-with-mic) – user2887201 Nov 17 '13 at 04:25
  • When I tried ssh user@remotehost as a root user the authentication failed. But when I tried logging in as "user" the connection went through. This is a start, thanks a lot! – user2887201 Nov 17 '13 at 04:32
  • 1
    The root ssh key file goes in /root/.ssh/authorized_keys – dmourati Nov 17 '13 at 04:56
  • Restarting SSH was the kicker for me. I guess it doesn't read the file permissions except when it initializes. I also made sure to `chown` the files to the user whose home directory I was in. Don't accidentally leave root as the owner of the files. – Alex W Jun 09 '15 at 15:54
3

Just to be clear, you need the PUBLIC key file (e.g. ~/.ssh/id_rsa.pub) from the origin machine to be in ~/.ssh/authorized_keys on the destination machine.

If you copy over ~/.ssh/id_rsa then that won't work. Modern sshd will also insist on ~/.ssh being mode 700 and ~/.ssh/authorized_keys being mode 600 on the destination machine.

Aside: if you can, use sudo instead of allowing root logins over ssh.

Bill McGonigle
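
The checks discussed in the answers and comments above (ownership, no group/other write access on the home directory, `.ssh` and `authorized_keys`, and a public rather than private key in the file), gathered into one audit script. This is an added example, not code from the original posts; the function names `check_path` and `audit_ssh_key_setup` are hypothetical, and it assumes sshd runs with its default `StrictModes yes`.

```shell
#!/bin/sh
# Added example: audit the paths sshd consults for a user's public-key login.
# Usage: audit_ssh_key_setup EXPECTED_UID HOME_DIR
#   e.g. audit_ssh_key_setup "$(id -u alice)" /home/alice
# Prints one line per finding; the return status is the number of findings.

check_path() {  # $1 = path, $2 = numeric UID that should own it
    path=$1 owner=$2 rc=0
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    perms=$(ls -ldn "$path" | awk '{print $1}')   # e.g. drwx------
    actual=$(ls -ldn "$path" | awk '{print $3}')  # numeric owner UID
    # Character 6 is the group write bit, character 9 the other write bit.
    case $perms in
        ?????w*|????????w*)
            echo "WRITABLE $path ($perms): group or others can write"
            rc=1 ;;
    esac
    # The path must belong to the login user or to root.
    if [ "$actual" != "$owner" ] && [ "$actual" != 0 ]; then
        echo "OWNER    $path: owned by UID $actual, expected $owner or 0"
        rc=1
    fi
    return "$rc"
}

audit_ssh_key_setup() {
    user_id=$1 home=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$user_id" || bad=$((bad + 1))
    done
    keys=$home/.ssh/authorized_keys
    # authorized_keys takes the contents of id_rsa.pub, never id_rsa itself.
    if [ -f "$keys" ] && grep -q 'PRIVATE KEY' "$keys"; then
        echo "PRIVKEY  $keys contains a private key; use the .pub contents"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Run the audit only when called with both arguments.
if [ $# -eq 2 ]; then
    audit_ssh_key_setup "$1" "$2"
fi
```

Run it as root on the destination machine so every path is readable; a status of 0 means none of these checks failed.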