Unable to login(ssh) with public private key pair

18,499

ssh is pretty picky about permissions on directories and files when it comes to reading the public keys on the destination host. Check the following permissions on the box you are trying to log into:

  • Your home directory ~/ should have permissions of 755 (rwxr-xr-x) or less
  • Your ~/.ssh directory should also have permissions of 755 (rwxr-xr-x) or less
  • Your ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 file should have permissions of 644 (rw-r--r--) or less.

Of course it's also possible that you don't have the correct public key in your destination's authorized_keys file. Use ssh-copy-id to copy the keys to your destination, like this:

ssh-copy-id server.example.com

Replace server.example.com with the hostname of your destination server. It should prompt you for a password and then copy your keys across.

Share:
18,499

Related videos on Youtube

raju
Author by

raju

Updated on September 18, 2022

Comments

  • raju
    raju over 1 year

    I am unable to login with public private key pairs. I do have access with a password. Following are the logs on server side and on the client side. Why am I unable to login?

    type=CRYPTO_KEY_USER msg=audit(1481731455.027:102046): user pid=8859 uid=0 auid=0 ses=6158 msg='op=destroy kind=session fp=? direction=both spid=8860 suid=74 rport=59031 laddr=XX.XXX.XX.XXX lport=22  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
    type=USER_ERR msg=audit(1481731455.028:102047): user pid=8859 uid=0 auid=0 ses=6158 msg='op=PAM:bad_ident acct="?" exe="/usr/sbin/sshd" hostname=YY.YYY.YY.YYY addr=YY.YYY.YY.YYY terminal=ssh res=failed'
    type=CRYPTO_KEY_USER msg=audit(1481731455.028:102048): user pid=8859 uid=0 auid=0 ses=6158 msg='op=destroy kind=server fp=6f:21:ce:5c:81:10:5e:63:db:32:54:71:80:bf:99:97 direction=? spid=8859 suid=0  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
    type=CRYPTO_KEY_USER msg=audit(1481731455.028:102049): user pid=8859 uid=0 auid=0 ses=6158 msg='op=destroy kind=server fp=d7:a6:59:60:99:86:45:95:69:79:bf:ea:8a:fa:0a:46 direction=? spid=8859 suid=0  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
    type=USER_LOGIN msg=audit(1481731455.028:102050): user pid=8859 uid=0 auid=0 ses=6158 msg='op=login acct="user" exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=ssh res=failed'
    type=CRYPTO_KEY_USER msg=audit(1481731455.707:102051): user pid=8862 uid=0 auid=0 ses=6158 msg='op=destroy kind=server fp=6f:21:ce:5c:81:10:5e:63:db:32:54:71:80:bf:99:97 direction=? spid=8862 suid=0  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
    type=CRYPTO_KEY_USER msg=audit(1481731455.707:102052): user pid=8862 uid=0 auid=0 ses=6158 msg='op=destroy kind=server fp=d7:a6:59:60:99:86:45:95:69:79:bf:ea:8a:fa:0a:46 direction=? spid=8862 suid=0  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
    type=CRYPTO_SESSION msg=audit(1481731455.708:102053): user pid=8861 uid=0 auid=0 ses=6158 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=8862 suid=74 rport=59032 laddr=XX.XXX.XX.XXX lport=22  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
    type=CRYPTO_SESSION msg=audit(1481731455.708:102054): user pid=8861 uid=0 auid=0 ses=6158 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=8862 suid=74 rport=59032 laddr=XX.XXX.XX.XXX lport=22  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
    type=USER_AUTH msg=audit(1481731455.764:102055): user pid=8861 uid=0 auid=0 ses=6158 msg='op=pubkey acct="user" exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=ssh res=failed'
    

    Following are the logs on client side

    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /home/user/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to XX.XXX.XX.XXX [XX.XXX.XX.XXX] port 22.
    debug1: Connection established.
    debug1: identity file /home/user/.ssh/identity type -1
    debug1: identity file /home/user/.ssh/identity-cert type -1
    debug1: identity file /home/user/.ssh/id_rsa type 1
    debug1: identity file /home/user/.ssh/id_rsa-cert type -1
    debug1: identity file /home/user/.ssh/id_dsa type -1
    debug1: identity file /home/user/.ssh/id_dsa-cert type -1
    debug1: identity file /home/user/.ssh/id_ecdsa type -1
    debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'XX.XXX.XX.XXX' is known and matches the RSA host key.
    debug1: Found key in /home/user/.ssh/known_hosts:6
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +                           =====================                             +
    +                           !!! C A U T I O N !!!                             +
    +                           =====================                             +
    +                                                                             +
    +               This system is for the use of authorized users only.          +
    +       Individuals using this computer system without authority, or in       +
    +       excess of their authority, are subject to having all of their         +
    +       activities on this system monitored and recorded by system            +
    +       personnel.                                                            +
    +       In the course of monitoring individuals improperly using this         +
    +       system, or in the course of system maintenance, the activitie         +
    +       of authorized users may also be monitored.                            +
    +       Anyone using this system expressly consents to such monitoring        +
    +       and is advised that if such monitoring reveals possible               +
    +       evidence of criminal activity, system personnel may provide the       +
    +       evidence of such monitoring to law enforcement officials.             +
    +                                                                             +
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/user/.ssh/identity
    debug1: Offering public key: /home/user/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /home/user/.ssh/id_dsa
    debug1: Trying private key: /home/user/.ssh/id_ecdsa
    debug1: Next authentication method: password
    [email protected]'s password: 
    

    What might be the reason? I cant make much out of server logs though.

    • Michael Hampton
      Michael Hampton over 7 years
      Check the server logs.
    • Shui shengbao
      Shui shengbao over 7 years
      Check server logs /var/log/messages.
  • raju
    raju over 7 years
    I solved problem by changing the permissions of .ssh folder
  • Sybille Peters
    Sybille Peters about 3 years
    Permissions can often be a problem with ssh so it is a good tip to check permissions. However I strongly disagree with giving "other" any permission to home and especially to .ssh. This way, "other" could potentially read your keys. Would use 600 for files and 700 for directories respectively. or 660 / 770 if the group must have read access.You did write "or less", but why give "other" any access at all?