Monday, April 29, 2024
answers: 1 / hits: 67832 / Sat, July 17, 2021, 10:04:46

I'm having trouble setting up public key authentication for an SSH server on Ubuntu Server 12.04 (A) for authentication from an Ubuntu Server 13.04 (B).



What I'm doing now (I'm trying to follow the instructions here):




  • On B: Create a new key with ssh-keygen -C "", using no passphrase, writing to /.ssh/id_rsa - I don't get any errors

  • On B: Run ssh-copy-id -i /.ssh/id_rsa user@host-a - also, a success message

  • On B: ssh -i /.ssh/id_rsa user@host-a - I still have to enter my password for user@host-a



On A, I checked if the /.ssh/authorized_keys is modified after running ssh-copy-id, and this is the case. Also, on both devices I added this to /etc/ssh/sshd_config:



RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /.ssh/authorized_keys


Does anyone know what might be the problem here?






Here's the tail of my /var/log/auth.log on machine A:



Jun 13 22:17:56 laptop-camil sshd[12344]: Server listening on 0.0.0.0 port 22.
Jun 13 22:17:56 laptop-camil sshd[12344]: Server listening on :: port 22.
Jun 13 22:18:27 laptop-camil sshd[12345]: Authentication refused: bad ownership or modes for directory /.ssh
Jun 13 22:18:30 laptop-camil sshd[12345]: Accepted password for camilstaps from 164.138.27.37 port 48407 ssh2
Jun 13 22:18:30 laptop-camil sshd[12345]: pam_unix(sshd:session): session opened for user camilstaps by (uid=0)
Jun 13 22:18:35 laptop-camil sshd[12464]: Received disconnect from 164.138.27.37: 11: disconnected by user
Jun 13 22:18:35 laptop-camil sshd[12345]: pam_unix(sshd:session): session closed for user camilstaps
Jun 13 22:18:42 laptop-camil sshd[12516]: Authentication refused: bad ownership or modes for directory /.ssh
Jun 13 22:18:44 laptop-camil sshd[12516]: Connection closed by <host-b> [preauth]


 Answers

Anything in log files, particularly /var/log/auth.log? You might also double-check permissions on the .ssh directory and files.



I haven't had to modify sshd_config for this kind of access, myself. I am wondering if your modification broke things, especially the AuthorizedKeysFile line.
Typically, you would want to put the authorized_keys under $USER/.ssh.



Here are the permissions from a user on one of my servers:



:~/.ssh$ ls -ld .
drwx------ 2 rrd rrd 4096 May 28 17:57 .

:~/.ssh$ ll
total 280
-rw-r----- 1 rrd rrd 4351 May 22 16:20 authorized_keys
-rw------- 1 rrd rrd 1679 Apr 27 2012 id_rsa
-rw-r--r-- 1 rrd rrd 399 Apr 27 2012 id_rsa.pub
-rw-r--r-- 1 rrd rrd 266138 Jun 13 00:18 known_hosts


Make sure the individual files are at least this restricted.



As guntbert points out, also check that the directory and files are owned by you. The permissions won't make sense (or work) otherwise.



Who owns the keys in authorized_keys on B? (The bit that says user@host after the key.) Is it root@A ?



That is, in looking at ~/.ssh/authorized_keys, what is the equivalent of bert@etherbert for your set-up:



ssh-rsa AAAA...ffsII8dSaDF33 bert@etherbet


I would just edit the remote .ssh/authorized_keys manually for testing, putting in the id_rsa.pub contents of the user you are initiating the connection with.



Make sure you are coming from the user that has the key in the remote authorized_keys file.


[#30747] Monday, July 19, 2021
ionash

Total Points: 214
Total Questions: 111
Total Answers: 116

Location: Sudan
Member since Thu, May 7, 2020
4 Years ago
;
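The "Authentication refused: bad ownership or modes for directory" line in the question's auth.log comes from sshd's StrictModes check, which the answer's advice on ownership and permissions addresses. The script below is an added example, not part of the original question or answer: it audits the home directory, .ssh and authorized_keys for an owner other than the user or root, and for group or other write bits. The function name check_ssh_perms is hypothetical, and the script assumes StrictModes is left at its default of yes.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_ssh_perms HOME_DIR OWNER_UID
# Returns 0 when every path passes the ownership/mode test, 1 otherwise.
check_ssh_perms() {
    home=$1 want_uid=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING    $p"; rc=1; continue
        fi
        # ls -ldn prints: mode links uid gid size date name
        set -- $(ls -ldn -- "$p")
        mode=$1 uid=$3
        # The owner must be the login user or root.
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "BAD OWNER  $p (uid $uid, expected $want_uid or 0)"; rc=1
        fi
        # Character 6 is group write, character 9 is other write (mode & 022).
        case $mode in
            ?????w*|????????w*)
                echo "BAD MODE   $p ($mode): fix with chmod go-w"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use on the server: sh script.sh /home/USERNAME UID
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it on machine A as root or as the target user; each reported path is one that makes sshd skip the key and fall back to password authentication.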