RE: public key (RSA) authentication problem

I wouldn't suggest setting ~/.ssh and ~/.ssh/authorized_keys to 755. Try 755 on the ~/.ssh and 600 for ~/.ssh/* I believe the users home dir (~/) must also be 755.

openssh will not allow the key transfer to take place if the permissions above are not set. If you are still not getting a public key to work, try starting the client in debug mode (-vvv) or the sshd (-ddd) and reply with the contents. It will tell you exactly why the transfer is being denied.

-Carl

-----Original Message-----
From: Schubert, John [NTWK SVCS]
Sent: Wednesday, August 13, 2003 1:15 PM To: Ben Green
Cc: secureshell@securityfocus.com
Subject: RE: public key (RSA) authentication problem

Anytime I've had problems logging in with swapped public keys, the following ownership changes have fixed it 99% of the time: (entered from the user's home directory. e.g. cd /home/username )

chmod 755 . .ssh .ssh/authorized_keys

Give that a try.

John

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

-----Original Message-----
From: Greg Wooledge [mailto:wooledg@eeg.ccf.org] Sent: Wednesday, August 13, 2003 10:47 AM To: Ben Green
Cc: secureshell@securityfocus.com
Subject: Re: public key (RSA) authentication problem

On Tue, Aug 12, 2003 at 09:12:17PM -0400, Ben Green wrote:
> As root, I can setup public key authentication and scp/sftp/ssh between two
> servers without a password. However, the same setup does not work as an
> ordinary user. I have checked permissions on everything in /etc/ssh and
> everything is world readable. I have checked the permissions on the private
> key file and it is 600. The permissions on the public key file is 644.

Check the directory permissions, too -- on every directory leading up to, and including, the .ssh directory. If any of them is either groupor  world-writable, then it will not work. Received on Thu Aug 14 15:37:57 2003