SSH public keys do not work

Q: I am trying to make a public key allow password-less logins. I have added the public key to the authorized_keys file but ssh still asks for a password.

A: The most common cause of public key failures is the permissions on the $HOME directory. Your $HOME directory cannot be writable by any user except the owner. Additionally, the .ssh directory and the authorized_keys file cannot be writable except by the owner. The ssh protocol will not report the problem but will silently ignore the authorized_keys file if any permissions are wrong.

To fix the permissions on the destination host, run the following while logged in as the remote user:

    chmod 755 $HOME $HOME/.ssh
    chmod 600 $HOME/.ssh/*

Alternatively, you can just remove the write capability for group and others with:

    chmod go-w $HOME $HOME/.ssh
    chmod go-w $HOME/.ssh/*

Also, the $HOME and $HOME/.ssh directories must be owned by the user, and all the files in .ssh must be owned by the user as well. A common error is to create the .ssh directory and files as root and forget to assign the proper permissions and ownership. A better way is to log in as the user, then run ssh-keygen -t to create not only the ssh keys but also the .ssh directory with correct permissions and ownership.
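The permission and ownership rules above can be checked in one pass before touching anything. This is an added example, not part of the original article; the function name check_ssh_perms is hypothetical, and it tests only the three paths the article names.

```shell
#!/bin/sh
# Added example: audit $HOME, $HOME/.ssh and authorized_keys for the
# write-permission and ownership problems described in the article.
# check_ssh_perms is a hypothetical helper name, not an OpenSSH tool.
#
# Usage: check_ssh_perms HOME_DIR [OWNER]
#   OWNER is a user name or numeric uid (default: the current uid).
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    home_dir=$1
    owner=${2:-$(id -u)}
    bad=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=1
            continue
        fi
        # -L tests the target of a symlink; -prune keeps find from
        # descending, so only $p itself is examined.
        if [ -n "$(find -L "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE  $p (group or other write bit set; fix: chmod go-w)"
            bad=1
        fi
        if [ -n "$(find -L "$p" -prune ! -user "$owner")" ]; then
            echo "OWNER     $p (not owned by $owner; fix: chown, as root)"
            bad=1
        fi
    done
    return $bad
}

# Example call, run as the remote user on the destination host:
#   check_ssh_perms "$HOME"
```

A clean run prints nothing and returns 0; each reported line names the path and the fix from the commands above.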

Finally, make sure your ssh source (i.e., PuTTY, Reflection, SecureCRT, etc.) is supplying the expected key. For PuTTY, the location must be specified with:

Connection -> SSH -> Auth

Specify the Private key file for authentication: ________ Browse

A possible choice is to run puttygen and specify C:\PuTTY as the common directory for PuTTY configuration and log files. As always, consider security concerns when using a top-level directory on a shared PC.
