SSH Permission denied (public key), but root ssh works
SSH logins can fail for various reasons(incorrect directory/file permissions,incorrect keys etc.) and the connecting client will just get
Permission denied
orNo more authentication methods to try
or some generic error.The exact reason for the login failure will be available in ssh log
/var/log/auth.log
or/var/log/secure
depending on the syslog configuration.
Same problem for me fresh CentOS7 install.
1. check home dir permissions and ~/.ssh and ~/.ssh/authorized_keys permissions (as @clement says)
chmod o-w ~/; chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys
2. check /etc/ssh/sshd_config settings && service sshd restart (after each edit) Useful: try "LogLevel VERBOSE" in sshd_config.
I still got password prompt after checking all that was ok.
Run ssh client with -vvv logs:
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Server (/var/log/secure) logs:
Failed publickey for * from * port * ssh2: RSA *
ssh server doesn't send more error info to client as that would be a security risk.
If I ran sshd on different port 'sshd -p 5555 -d'. The key worked. Passwordless login ok. WTF?
SAD :-( to say I then disabled selinux (set SELINUX=disabled in /etc/selinux/config) and reboot. Passwordless login then worked ok.
my current working sshd_config settings:
[root@hp-bl-05 ~]# grep -vE "^#|^$" /etc/ssh/sshd_config
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
SyslogFacility AUTHPRIV
LogLevel VERBOSE
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
HostbasedAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server
So it would be nice to know could we change something small in selinux to get passwordless ssh login to work. Can anyone improve the answer?
same here: https://superuser.com/questions/352368/ssh-still-asks-for-password-after-setting-up-key-based-authentication/1072999#1072999