Can’t get SSH Public Keys working?

by Irish on January 27, 2012

Having problems getting ssh to use your public key?

Log on to your server as root using a password. Remember not to log out as root until you have ssh working with your public key, or you may inadvertently lock yourself out of the box... which sucks ;) Double check your sshd_config. I use the following options (note that you will have to restart ssh for these changes to take effect):

# change to a port of your choosing
Port 30000
Protocol 2
PermitRootLogin no
PasswordAuthentication no
UseDNS no
# change to whatever users you want
AllowUsers deploy
ClientAliveInterval 30
ClientAliveCountMax 4

Make sure your public key is in the .ssh/authorized_keys file for the user you plan on logging onto the server as. You can use this super helpful authme bash function.

So let’s say you’ve done all this and YOU STILL CAN’T get it to work. It’s probably because you have incorrect permissions set on the .ssh directory and/or the authorized_keys file. You can check this by looking at the ssh auth log. Depending on your server OS, it’s usually either /var/log/auth.log or /var/log/secure. Tail this file and see if you’re getting this message:

Authentication refused: bad ownership or modes for directory /home/deploy/.ssh

Obviously your directory will be different depending on the name of the user you’re trying to ssh on as. But this message is the giveaway that your permissions are wrong. Change them with the following, assuming your username is “deploy”; otherwise just substitute that part.

$ chmod go-w /home/deploy/
$ chmod 700 /home/deploy/.ssh
$ chmod 600 /home/deploy/.ssh/authorized_keys

Try ssh’ing on again in another terminal window and you should be good. Now it would be safe to log off as root.
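
The permission check above as a script, added here as an example and not part of the original post: it audits the same three paths against the rule behind the "bad ownership or modes" message (owned by the user or root, not writable by group or other). The function names are made up for this example, and the user argument defaults to whoever runs it.

```sh
#!/bin/sh
# Added example (not from the original post): audit the three paths the post
# fixes with chmod. sshd refuses a key when any of them is owned by someone
# other than the user or root, or is writable by group/other.

# Print "<octal mode> <owner uid>" for a path (GNU stat, then BSD stat).
stat_mode_uid() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

# check_ssh_perms HOME_DIR [USER]
# Prints one verdict per path; returns 0 if all pass, 1 on any problem.
check_ssh_perms() {
    home=$1
    want_uid=$(id -u ${2:+"$2"}) || return 2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        info=$(stat_mode_uid "$p")
        mode=${info% *}; uid=${info#* }
        if [ "$uid" -ne 0 ] && [ "$uid" -ne "$want_uid" ]; then
            echo "BAD     $p: owned by uid $uid"; rc=1
        elif [ $(( 0$mode & 022 )) -ne 0 ]; then   # 022 = group/other write bits
            echo "BAD     $p: mode $mode is writable by group/other"; rc=1
        else
            echo "OK      $p (mode $mode)"
        fi
    done
    return $rc
}

# Run directly, e.g.: sh check_ssh_perms.sh /home/deploy deploy
if [ $# -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Run it as root from the session you kept open, before and after the chmod commands, to see which path was the one sshd objected to.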


Adriana February 24, 2012 at 3:51 pm

Thanks for sharing!
