SSH Permission denied (public key), but root ssh works

  • SSH logins can fail for various reasons (incorrect directory/file permissions, incorrect keys, etc.), and the connecting client will just get Permission denied or No more authentication methods to try or some generic error.

  • The exact reason for the login failure will be available in the ssh log, /var/log/auth.log or /var/log/secure, depending on the syslog configuration.


Same problem for me on a fresh CentOS 7 install.

1. Check home dir permissions and ~/.ssh and ~/.ssh/authorized_keys permissions (as @clement says)

chmod o-w ~/; chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys

2. Check /etc/ssh/sshd_config settings && service sshd restart (after each edit). Useful: try "LogLevel VERBOSE" in sshd_config.

I still got a password prompt after checking that all of that was OK.

Ran the ssh client with -vvv logs:

debug3: send_pubkey_test 
debug2: we sent a publickey packet, wait for reply

Server (/var/log/secure) logs:

Failed publickey for * from * port * ssh2: RSA *

The ssh server doesn't send more error info to the client, as that would be a security risk.

If I ran sshd on a different port ('sshd -p 5555 -d'), the key worked. Passwordless login OK. WTF?

SAD :-( to say I then disabled selinux (set SELINUX=disabled in /etc/selinux/config) and rebooted. Passwordless login then worked OK.

My current working sshd_config settings:

[root@hp-bl-05 ~]# grep -vE "^#|^$" /etc/ssh/sshd_config  
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
SyslogFacility AUTHPRIV
LogLevel VERBOSE
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  .ssh/authorized_keys
HostbasedAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem   sftp    /usr/libexec/openssh/sftp-server

So it would be nice to know whether we could change something small in selinux to get passwordless ssh login to work. Can anyone improve the answer?

Same here: https://superuser.com/questions/352368/ssh-still-asks-for-password-after-setting-up-key-based-authentication/1072999#1072999
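
An added example, not part of the answers above: a shell check that covers both causes discussed on this page, the mode bits from step 1 and the SELinux labels on ~/.ssh, without turning SELinux off. It assumes GNU stat and the standard restorecon/getenforce tools; the function names and /home/alice are placeholders, and a mislabelled ~/.ssh is only an assumed cause, since the page does not say which SELinux rule blocked sshd.

```shell
#!/bin/sh
# Added example: audit the paths sshd checks before it accepts a public key.
# Assumes GNU stat (stat -c), as shipped on CentOS.

# True when octal mode $1 has no group/other write bit (sshd StrictModes rule).
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# Check home, ~/.ssh and authorized_keys under $1; returns the problem count.
check_key_path_modes() {
    home=$1
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$p")
        if mode_is_safe "$mode"; then
            echo "ok       $mode $p"
        else
            echo "WRITABLE $mode $p (group/other write bit set)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Dry-run relabel: restorecon -n changes nothing, -v lists files whose SELinux
# label differs from the policy default. Assumption: a mislabelled ~/.ssh is
# only one possible cause; the page does not say which rule blocked sshd.
check_selinux_label() {
    command -v getenforce >/dev/null 2>&1 || { echo "SELinux tools not found"; return 0; }
    [ "$(getenforce)" = "Disabled" ] && { echo "SELinux disabled"; return 0; }
    out=$(restorecon -R -n -v "$1/.ssh" 2>/dev/null)
    [ -z "$out" ] && { echo "labels match policy"; return 0; }
    echo "label mismatch (fix with: restorecon -R -v $1/.ssh):"
    echo "$out"
    return 1
}

# Run both checks when a home directory is given, e.g.: sh check.sh /home/alice
if [ "$#" -gt 0 ]; then
    check_key_path_modes "$1"
    check_selinux_label "$1"
fi
```

The 700/600 modes from step 1 are stricter than what this flags; the script only reports the group/other write bits that make sshd refuse the key outright.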
