SSH asks for password, even with public key installed

Possible Duplicate:
Problem with shared ssh keys

I have set up pub key authentication between two servers. Everything should work, but I am still asked for the password.

Here’s parts of my sshd config file, which I didn’t alter after setting up the system.

RSAAuthentication yesPubkeyAuthentication yesAuthorizedKeysFile      %h/.ssh/authorized_keys

The authorized key file exists and everything. I’ve been doing this procedure with public keys on many machines and never had that problem.What would you suggest doing?

Debug output gives me the following:

debug1: identity file /root/.ssh/identity type -1debug3: Not a RSA1 key file /root/.ssh/id_rsa.debug2: key_type_from_name: unknown key type '-----BEGIN'debug3: key_read: missing keytypedebug3: key_read: missing whitespacedebug3: key_read: missing whitespace...debug2: key_type_from_name: unknown key type '-----END'debug3: key_read: missing keytypedebug1: identity file /root/.ssh/id_rsa type 1debug1: identity file /root/.ssh/id_dsa type -1debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*debug1: Enabling compatibility mode for protocol 2.0debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2debug2: fd 3 setting O_NONBLOCKdebug1: SSH2_MSG_KEXINIT sentdebug1: SSH2_MSG_KEXINIT receiveddebug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1debug2: kex_parse_kexinit: ssh-rsa,ssh-dssdebug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctrdebug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctrdebug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: none,zlib@openssh.com,zlibdebug2: kex_parse_kexinit: none,zlib@openssh.com,zlibdebug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1debug2: kex_parse_kexinit: ssh-rsa,ssh-dssdebug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctrdebug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctrdebug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: none,zlib@openssh.comdebug2: kex_parse_kexinit: none,zlib@openssh.comdebug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5debug1: kex: server->client aes128-cbc hmac-md5 nonedebug2: mac_setup: found hmac-md5debug1: kex: client->server aes128-cbc hmac-md5 nonedebug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_GROUPdebug2: dh_gen_key: priv key bits set: 126/256debug2: bits set: 529/1024debug1: SSH2_MSG_KEX_DH_GEX_INIT sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_REPLYdebug3: check_host_in_hostfile: filename /root/.ssh/known_hostsdebug3: check_host_in_hostfile: match line 4debug1: Host '...' is known and matches the RSA host key.debug1: Found key in /root/.ssh/known_hosts:4debug2: bits set: 481/1024debug1: ssh_rsa_verify: signature correctdebug2: kex_derive_keysdebug2: set_newkeys: mode 1debug1: SSH2_MSG_NEWKEYS sentdebug1: expecting SSH2_MSG_NEWKEYSdebug2: set_newkeys: mode 0debug1: SSH2_MSG_NEWKEYS receiveddebug1: SSH2_MSG_SERVICE_REQUEST sentdebug2: service_accept: ssh-userauthdebug1: SSH2_MSG_SERVICE_ACCEPT receiveddebug2: key: /root/.ssh/identity ((nil))debug2: key: /root/.ssh/id_rsa (0xb7fef588)debug2: key: /root/.ssh/id_dsa ((nil))debug1: Authentications that can continue: publickey,passworddebug3: start over, passed a different list publickey,passworddebug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,passworddebug3: authmethod_lookup publickeydebug3: remaining preferred: keyboard-interactive,passworddebug3: authmethod_is_enabled publickeydebug1: Next authentication method: publickeydebug1: Trying private key: /root/.ssh/identitydebug3: no such identity: /root/.ssh/identitydebug1: Offering public key: /root/.ssh/id_rsadebug3: send_pubkey_testdebug2: we sent a publickey packet, wait for replydebug1: Authentications that can continue: publickey,passworddebug1: Trying private key: /root/.ssh/id_dsadebug3: no such identity: /root/.ssh/id_dsadebug2: we did not send a packet, disable methoddebug3: authmethod_lookup passworddebug3: remaining preferred: ,passworddebug3: authmethod_is_enabled passworddebug1: Next authentication method: password

Edit: My private key file looks something like:

-----BEGIN RSA PRIVATE KEY-----key goes here-----END RSA PRIVATE KEY-----

I generated it using ssh-keygen -t rsa. My client and server versions are:

OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007 (client)OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007 (server)

This is the directory structure on the client:

root@xxx:~/.ssh# ls -lhatotal 20Kdrwx------ 2 root root 4.0K 2010-10-19 18:00 .drwxr-xr-x 8 root root 4.0K 2010-10-17 00:01 ..-rw------- 1 root root 1.7K 2010-10-19 18:51 id_rsa-rw-r--r-- 1 root root  393 2010-10-19 18:51 id_rsa.pub-rw-r--r-- 1 root root 1.6K 2010-10-19 18:02 known_hosts

And this is on the server:

...:/home/xxx/.ssh# ls -lhatotal 12Kdrwx------ 2 dreisadmin dreisadmin 4.0K 2010-10-19 18:07 .drwxrwxr-x 5 dreisadmin dreisadmin 4.0K 2010-10-19 18:58 ..-rw------- 1 dreisadmin dreisadmin  393 2010-10-19 19:33 authorized_keys

Solution:

Make sure that ~/.ssh is set 0700 and that ~/.ssh/authorized_keys is set 0600.

Solution:

Related News

Partitioning – What’s the point of hard drives reporting their physical sector size?

Pass command line arguments to Windows “Open With”

Passwords – How to enable autologon in Windows 7

Pci express – Will a PCI-E V2.0 Graphics Card work with a PCI-E V1.0 Motherboard?