HostOnNet Blog

SSH publickey authentication not working

On a CentOS 6.8 server i added my SSH public key. When i login, it keep asking me the password.

I enabled debug message with

ssh -v root@SERVER-IP

Still don’t see any useful info to debug. It just ended up with

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/boby/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/boby/.ssh/id_dsa
debug1: Trying private key: /home/boby/.ssh/id_ecdsa
debug1: Trying private key: /home/boby/.ssh/id_ed25519
debug1: Next authentication method: password
root@162.253.153.77’s password:

Check Server Log

On server side, you may find some useful info in

tail -f /var/log/secure

Check Permissions

On server, you need 600 permission for ~/.ssh folder and files inside it.

Check if PubkeyAuthentication enabled

You can see this from client side with ssh -v command. On server side make sure PubkeyAuthentication is set to yes.

[root@ET-02-01-SRV-001 ~]# grep PubkeyAuthentication /etc/ssh/sshd_config
PubkeyAuthentication yes 
[root@ET-02-01-SRV-001 ~]# 

If you make change to sshd_config file, make sure you restart sshd with

service sshd restart

SELinux

If SELinux is enabled, you won’t be able to use public key authentication. You can disable SELinux or run

restorecon -R -v ~/.ssh

Example

[root@ET-02-01-SRV-001 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 30
Policy from config file:        targeted
[root@ET-02-01-SRV-001 ~]# restorecon -R -v ~/.ssh
restorecon reset /root/.ssh context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
[root@ET-02-01-SRV-001 ~]# 

Posted in Linux