Public key authentication for SSH

From ben.goodacre.name/tech

Check Server Config

Ensure the following settings are set in /etc/ssh/sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile     %h/.ssh/authorized_keys

Many distributions have these settings by default. AuthorizedKeysFile may have the %h omitted; this is OK.

Create keys

Log on to the server you wish to connect TO, as the user you wish to connect as:

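cd ~
# Generate an RSA key pair (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub)
ssh-keygen -t rsa
# Append (>>) rather than overwrite, so keys already authorized are kept
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys2
# sshd refuses the key if ownership or modes are wrong (see Check Ownership and modes)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized*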

Copy the private key file ~/.ssh/id_rsa to the machine you are connecting FROM, saving it there as ~/.ssh/id_rsa.

Troubleshooting

Run ssh with the -vvv switch to get verbose debug output.

Erroneous verbose mode error messages

The following look like errors, but they are perfectly OK and appear even when a successful public key authentication has taken place:

debug3: Not a RSA1 key file /home/username/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'

This is perfectly normal as we are using RSA2 keys!

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

The above error can relate to outdated SSH keys, particularly on Debian systems, although it also occurs when authentication has completed OK.

Log file locations

Debian/Ubuntu: /var/log/auth.log
Redhat/CentOS: /var/log/secure

Check Ownership and modes

From /var/log/secure:

Authentication refused: bad ownership or modes for file /home/username/.ssh/authorized_keys2

Check that your authorized_keys file is owned by the user you are logging on as and has 600 permissions.
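
The check described above as a script (an added example, not part of the original page): it compares ~/.ssh and every authorized_keys* file against the owner and the 700/600 modes set under Create keys. The function names are hypothetical, and GNU stat (stat -c) is assumed, as found on the Debian and Red Hat systems named above.

```shell
#!/bin/sh
# Added example: audit ownership and modes of an account's SSH files.
# Assumption: GNU coreutils stat (stat -c). Function names are hypothetical.

# _check_path PATH WANT_MODE WANT_UID
# Prints one finding per problem; returns 1 if anything is wrong.
_check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    uid=$(stat -c '%u' "$1")     # numeric owner
    mode=$(stat -c '%a' "$1")    # octal mode, e.g. 600
    rc=0
    if [ "$uid" != "$3" ]; then
        echo "OWNER    $1 is owned by uid $uid, expected $3"
        rc=1
    fi
    if [ "$mode" != "$2" ]; then
        echo "MODE     $1 is $mode, expected $2"
        rc=1
    fi
    return $rc
}

# check_ssh_perms HOME_DIR [UID]
# UID defaults to the user running the script. Returns 0 only when
# HOME_DIR/.ssh is 700 and every authorized* file in it is 600,
# all owned by UID.
check_ssh_perms() {
    home=$1
    want_uid=${2:-$(id -u)}
    status=0
    found=0
    _check_path "$home/.ssh" 700 "$want_uid" || status=1
    for f in "$home"/.ssh/authorized*; do
        [ -e "$f" ] || continue   # glob matched nothing
        found=1
        _check_path "$f" 600 "$want_uid" || status=1
    done
    if [ "$found" -eq 0 ]; then
        echo "MISSING  $home/.ssh/authorized_keys"
        status=1
    fi
    return $status
}
```

Call check_ssh_perms "$HOME" as the user you log on as; each OWNER or MODE line names a file to correct with chown or chmod.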
