Why is ssh ignoring the user config file?

ssh is not reading from the user configuration file first, but from the system-wide config.
This is my ssh verbose trace (while using a local user, not root):

-bash-4.1$ ssh -v [email protected]
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [192.30.253.113] port 22.
debug1: Connection established.
debug1: identity file /var/www/html/.ssh/identity type -1
debug1: identity file /var/www/html/.ssh/identity-cert type -1
debug1: identity file /var/www/html/.ssh/id_rsa type -1
debug1: identity file /var/www/html/.ssh/id_rsa-cert type -1
debug1: identity file /var/www/html/.ssh/id_dsa type -1
debug1: identity file /var/www/html/.ssh/id_dsa-cert type -1
debug1: identity file /var/www/html/.ssh/id_ecdsa type -1
debug1: identity file /var/www/html/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
The authenticity of host 'github.com (192.30.253.113)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.253.113' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /var/www/html/.ssh/identity
debug1: Trying private key: /var/www/html/.ssh/id_rsa
debug1: Trying private key: /var/www/html/.ssh/id_dsa
debug1: Trying private key: /var/www/html/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).

Therefore, it can't locate my keys, whose location is specified in the local config. Why is ssh ignoring the local config file, located in ~/.ssh/config? The file has rwe rule 600. I tried mod 400 as well, but to no avail.


Solution 1:

Make sure the owner of ~/.ssh/config matches the username you are logged in with. From your capture above it looks like you are logged in as www-data so you should do a chown www-data:www-data /var/www/html/.ssh/config from a root shell.

Please note: if you have Apache pointed to /var/www/html, it's an EXTREMELY BAD THING to have your SSH keys anywhere where there is a possibility Apache could touch them, as a simple misconfiguration or PHP app exploit/misconfiguration can reveal your keys to anyone who can access Apache. You should change the home directory of the www-data user to something outside of any directory Apache can access. You can do this by manually creating a directory elsewhere (e.g. /etc/systemhome/www-data, or make a /home/www-data) and editing the www-data entry in /etc/passwd; you would need to log out and back in for the change to take effect.

Solution 2:

This happens when the .ssh directory is not executable by the ssh process. There's no way that /var/www/html/.ssh should exist in any event, so there's something fishy going on there.
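
The checks from both solutions (config file owner, home directory inside the document root, searchable .ssh directory) collected into one shell function. This is an added example, not code from the thread; it assumes GNU coreutils stat, and the function name, finding labels and default document-root argument are illustrative.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU coreutils `stat -c`.
# audit_ssh_config HOME_DIR EXPECTED_UID [DOCROOT]  (hypothetical helper name)
# Prints one finding per line; prints nothing when every check passes.
audit_ssh_config() {
    a_home=$1; a_uid=$2; a_root=${3:-/var/www/html}
    a_dir="$a_home/.ssh"; a_cfg="$a_dir/config"

    # Solution 1, second point: key material inside the web server's tree.
    case "$a_home/" in
        "$a_root"/*) echo "home-under-docroot: $a_home" ;;
    esac

    if [ ! -d "$a_dir" ]; then
        echo "missing-dir: $a_dir"; return 0
    fi
    if [ "$(stat -c '%u' "$a_dir")" != "$a_uid" ]; then
        echo "dir-owner-mismatch: $a_dir"
    fi
    # Solution 2: without the owner search (x) bit nothing inside can be opened.
    # Mode bits come from stat because `test -x` on a directory succeeds for root.
    if [ $(( 0$(stat -c '%a' "$a_dir") & 0100 )) -eq 0 ]; then
        echo "dir-not-searchable: $a_dir"; return 0
    fi

    if [ ! -f "$a_cfg" ]; then
        echo "missing-config: $a_cfg"; return 0
    fi
    # Solution 1, first point: a 600 file owned by another account is unreadable.
    if [ "$(stat -c '%u' "$a_cfg")" != "$a_uid" ]; then
        echo "config-owner-mismatch: $a_cfg"
    fi
    a_mode=$(stat -c '%a' "$a_cfg")
    if [ $(( 0$a_mode & 0400 )) -eq 0 ]; then
        echo "config-not-owner-readable: $a_cfg"
    fi
    # OpenSSH refuses a user config that group or others can write to.
    if [ $(( 0$a_mode & 0022 )) -ne 0 ]; then
        echo "config-writable-by-others: $a_cfg"
    fi
    return 0
}

# Usage with the paths from the question: audit_ssh_config /var/www/html "$(id -u)"
```

Run it as the account that invokes ssh (or pass that account's numeric uid) so the ownership comparison reflects what the ssh process sees.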