Unable to login(ssh) with public private key pair

linux ssh authentication rsa
18,499

ssh is pretty picky about permissions on directories and files when it comes to reading the public keys on the destination host. Check the following permissions on the box you are trying to log into:

  • Your home directory ~/ should have permissions of 755 (rwxr-xr-x) or less
  • Your ~/.ssh directory should also have permissions of 755 (rwxr-xr-x) or less
  • Your ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 file should have permissions of 644 (rw-r--r--) or less.

Of course it's also possible that you don't have the correct public key in your destination's authorized_keys file. Use ssh-copy-id to copy the keys to your destination, like this:

ssh-copy-id server.example.com

Replace server.example.com with the hostname of your destination server. It should prompt you for a password and then copy your keys across.

Share:
18,499

Related videos on Youtube

raju
Author by

raju

Updated on September 18, 2022

Comments

  • raju
    raju almost 2 years

    I am unable to login with public private key pairs. I do have access with a password. Following are the logs on server side and on the client side. Why am I unable to login?

    type=CRYPTO_KEY_USER msg=audit(1481731455.027:102046): user pid=8859 uid=0 auid=0 ses=6158 msg='op=destroy kind=session fp=? direction=both spid=8860 suid=74 rport=59031 laddr=XX.XXX.XX.XXX lport=22  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
type=USER_ERR msg=audit(1481731455.028:102047): user pid=8859 uid=0 auid=0 ses=6158 msg='op=PAM:bad_ident acct="?" exe="/usr/sbin/sshd" hostname=YY.YYY.YY.YYY addr=YY.YYY.YY.YYY terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1481731455.028:102048): user pid=8859 uid=0 auid=0 ses=6158 msg='op=destroy kind=server fp=6f:21:ce:5c:81:10:5e:63:db:32:54:71:80:bf:99:97 direction=? spid=8859 suid=0  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1481731455.028:102049): user pid=8859 uid=0 auid=0 ses=6158 msg='op=destroy kind=server fp=d7:a6:59:60:99:86:45:95:69:79:bf:ea:8a:fa:0a:46 direction=? spid=8859 suid=0  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
type=USER_LOGIN msg=audit(1481731455.028:102050): user pid=8859 uid=0 auid=0 ses=6158 msg='op=login acct="user" exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1481731455.707:102051): user pid=8862 uid=0 auid=0 ses=6158 msg='op=destroy kind=server fp=6f:21:ce:5c:81:10:5e:63:db:32:54:71:80:bf:99:97 direction=? spid=8862 suid=0  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1481731455.707:102052): user pid=8862 uid=0 auid=0 ses=6158 msg='op=destroy kind=server fp=d7:a6:59:60:99:86:45:95:69:79:bf:ea:8a:fa:0a:46 direction=? spid=8862 suid=0  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1481731455.708:102053): user pid=8861 uid=0 auid=0 ses=6158 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=8862 suid=74 rport=59032 laddr=XX.XXX.XX.XXX lport=22  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1481731455.708:102054): user pid=8861 uid=0 auid=0 ses=6158 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=8862 suid=74 rport=59032 laddr=XX.XXX.XX.XXX lport=22  exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=? res=success'
type=USER_AUTH msg=audit(1481731455.764:102055): user pid=8861 uid=0 auid=0 ses=6158 msg='op=pubkey acct="user" exe="/usr/sbin/sshd" hostname=? addr=YY.YYY.YY.YYY terminal=ssh res=failed'

    Following are the logs on client side

    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to XX.XXX.XX.XXX [XX.XXX.XX.XXX] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/identity-cert type -1
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'XX.XXX.XX.XXX' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                           =====================                             +
+                           !!! C A U T I O N !!!                             +
+                           =====================                             +
+                                                                             +
+               This system is for the use of authorized users only.          +
+       Individuals using this computer system without authority, or in       +
+       excess of their authority, are subject to having all of their         +
+       activities on this system monitored and recorded by system            +
+       personnel.                                                            +
+       In the course of monitoring individuals improperly using this         +
+       system, or in the course of system maintenance, the activitie         +
+       of authorized users may also be monitored.                            +
+       Anyone using this system expressly consents to such monitoring        +
+       and is advised that if such monitoring reveals possible               +
+       evidence of criminal activity, system personnel may provide the       +
+       evidence of such monitoring to law enforcement officials.             +
+                                                                             +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Offering public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Next authentication method: password
[email protected]'s password:

    What might be the reason? I cant make much out of server logs though.

    • Michael Hampton
      Michael Hampton over 7 years
      Check the server logs.
    • Shui shengbao
      Shui shengbao over 7 years
      Check server logs /var/log/messages.
  • raju
    raju over 7 years
    I solved problem by changing the permissions of .ssh folder
  • Sybille Peters
    Sybille Peters about 3 years
    Permissions can often be a problem with ssh so it is a good tip to check permissions. However I strongly disagree with giving "other" any permission to home and especially to .ssh. This way, "other" could potentially read your keys. Would use 600 for files and 700 for directories respectively. or 660 / 770 if the group must have read access.You did write "or less", but why give "other" any access at all?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Missing begin marker error with public key ssh login
Changing AuthorizedKeysFile in `sshd_config` not solving public key auth failure with encrypted home
Unable to login to host via ssh, just see 'Connection closed' in authlog
Why am I still getting a password prompt with ssh with key authentication?
Setting up ssh config file with id_rsa through tunnel
How do I configure SSH so it doesn't try all the identity files automatically?
setting minimum size of accepted rsa key
How to make ssh connection between servers using public-key authentication
Passwordless root SSH on CentOS 6 with public key
Allow domain group ssh access