Problem: The ssh public key authentication doesn’t work

Try changing the permissions on .ssh/authorized_hosts to restrict READ AND WRITE to your user
eg.
chmod go-rw ~/.ssh/authorized_hosts
SSH doesn’t like it when these files are world-readable

Assuming that you wish to login to the machine called mystery from your current host with the id_rsa and id_rsa.pub files you’ve just generated you should run the following command:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@mystery

This will prompt you for the login password for the host, then copy the keyfile for you, creating the correct directory and fixing the permissions as necessary.

The contents of the keyfile will be appended to the file ~/.ssh/authorized_keys2 for RSA keys,
and ~/.ssh/authorised_keys for the older DSA key types.

Once this has been done you should be able to login remotely, and run commands, without being prompted for a password:

skx@lappy:~$ ssh mystery uptime
09:52:50 up 96 days, 13:45, 0 users, load average: 0.00, 0.00, 0.00

What if it doesn’t work?

There are three common problems when setting up passwordless logins:

* The remote SSH server hasn’t been setup to allow public key authentication.
* File permissions cause problems.
* Your keytype isn’t supported.

Each of these problems is easily fixable, although the first will require you have root privileges upon the remote host.

If the remote server doesn’t allow public key based logins you will need to updated the SSH configuration. To do this edit the file /etc/sshd/sshd_config with your favourite text editor.

You will need to uncomment, or add, the following two lines:

RSAAuthentication yes PubkeyAuthentication yes

Once that’s been done you can restart the SSH server – don’t worry this won’t kill existing sessions:

/etc/init.d/ssh restart

File permission problems should be simple to fix. Upon the remote machine your .ssh file must not be writable to any other user – for obvious reasons. (If it’s writable to another user they could add their own keys to it, and login to your account without your password!).

If this is your problem you will see a message similar to the following upon the remote machine, in the file /var/log/auth:
Jun 3 10:23:57 localhost sshd[18461]: Authentication refused: bad ownership or modes for directory /home/skx/.ssh

IT Tips and Tricks

Like this:

Share this:

Like this: