Why am I still getting a password prompt with ssh public key? /usr/sbin/sshd -d -p 2222 | ssh-agent bash | ssh-add ~/.ssh/id_dsa
Make sure the permissions on the ~/.ssh directory and its contents are proper. When I first set up my ssh key auth, I didn't have the ~/.ssh folder properly set up, and it yelled at me.

- Your home directory ~, your ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote machine must be writable only by you: rwx------ and rwxr-xr-x are fine, but rwxrwx--- is no good¹, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).
  If ~/.ssh or authorized_keys is a symbolic link, the canonical path (with symbolic links expanded) is checked.
- Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you'll need it to be also writable (600) if you will add any more keys to it.
- Your private key file (on the local machine) must be readable and writable only by you: rw-------, i.e. 600.
- Also, if SELinux is set to enforcing, you may need to run restorecon -R -v ~/.ssh (see e.g. Ubuntu bug 965663 and Debian bug report #658675; this is patched in CentOS 6).
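
The mode rules in the list above can be checked mechanically. The script below is an added example, not part of the original post; its function names and the throwaway demo directory are made up here, and it reads the same rwx strings the list uses, following symbolic links to the canonical target.

```sh
#!/bin/sh
# Added example; function names and the demo directory are hypothetical.

# mode_of PATH: print the 10-character mode string (e.g. drwx------).
# -L follows symbolic links, so the canonical target is what gets judged.
mode_of() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# writable_only_by_owner PATH: fail if group/other has w, or PATH is missing.
writable_only_by_owner() {
    case "$(mode_of "$1")" in
        ''|?????w????|????????w?) return 1 ;;
        *) return 0 ;;
    esac
}

# check_server HOME_DIR: run on the remote machine. Prints one line per
# problem and returns the number of problems found.
check_server() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if ! writable_only_by_owner "$p"; then
            echo "FAIL $p [$(mode_of "$p")] missing or group/other-writable"
            bad=$((bad + 1))
        fi
    done
    # authorized_keys must be readable by its owner (at least 400)
    case "$(mode_of "$1/.ssh/authorized_keys")" in
        ''|?r????????) ;;   # a missing file was already reported above
        *) echo "FAIL $1/.ssh/authorized_keys not owner-readable"
           bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# check_private_key FILE: run on the local machine. Any group/other bit fails.
check_private_key() {
    case "$(mode_of "$1")" in
        -???------) return 0 ;;
        *) echo "FAIL $1 [$(mode_of "$1")] want rw------- (600)"; return 1 ;;
    esac
}

# Constructed demo: a throwaway home whose .ssh is 775, the "no good" case.
demo=$(mktemp -d) && mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 755 "$demo"; chmod 775 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_server "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

On a real account, call check_server "$HOME" on the server and check_private_key ~/.ssh/id_rsa on the client.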

If you have root access to the server, the easy way to solve such problems is to run sshd in debug mode, by issuing something like

    /usr/sbin/sshd -d -p 2222

on the server (the full path to the sshd executable is required; which sshd can help find it) and then connecting from the client with

    ssh -p 2222 user@host

=======================
After copying the keys to the remote machine and putting them inside authorized_keys, you've got to do something like this:

    ssh-agent bash
    ssh-add ~/.ssh/id_dsa    # or ~/.ssh/id_rsa