What does this ssh error mean?
In my experience the two most common key based auth errors are
- Inappropriately broad permissions on the $HOME/.ssh directory
- An error in copying the public key to the remote system
File Permissions
OpenSSH does a lot in an attempt to protect you from yourself. The most user impacting way this happens is by enforcing hard restrictions on who has access to your local ssh folder. You really only want you, and only you, to access the directory. Well, and anyone with uid=0, but there's no good way around that. So what you need to do is simply change your permissions:
chmod -R go-rwx ~/.ssh
This will remove read, write, and execute rights to any files underneath the .ssh directory from all users except the owner, i.e. you.
Authorized Keys Issues
The file containing your public key, typically $HOME/.ssh/authorized_keys, has to fit a very specific form for SSH to understand how to accept the private key. Each key must consist of, at least, 2 fields
- Type of key used (RSA, DSA, RSA1, etc)
- Key
Each key, along with all of its options and component parts, must be listed one per line in this file. Since the keys tend to be very long they will often wrap and appear as two lines on your terminal. This will sometimes cause havoc when attempting to copy/paste, since sometimes one or more newlines will get inserted wherever the key wraps on your screen. Fixing this problem can be a bit trickier for a shell beginner.
Try running
wc -l ~/.ssh/authorized_keys
This will print out the number of lines in the file. Compare that number against the number of keys you expect to be in the file. If you will only be accepting this one key, you can also just make a copy of the public key file, since it is the same format as your authorized keys file. Something like
scp -p ~/.ssh/kev_rsa.pub remotehost:~/.ssh/authorized_keys
or, if you have your public key on the same system you can do
cat ~/.ssh/kev_rsa.pub >> ~/.ssh/authorized_keys
Additionally, look in the log file on the remote host and see if any errors are being reported there. The files will most likely be either /var/log/secure.log or /var/log/auth.
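The line-count check above, taken one step further as an added example (not part of the original answer): this Python sketch reports which lines of an authorized_keys file do not hold a whole key, by decoding the base64 field and confirming its length-prefixed fields end exactly where the data ends. The function names and the sample key are constructed for this example, and only plain SSH-2 key types are covered (no certificates or hardware-backed key types).

```python
import base64, struct, sys

# Plain (non-certificate) key types; their blobs are a run of length-prefixed fields.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def blob_ok(keytype, b64):
    """True if b64 decodes to a complete key blob whose first field names keytype."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:                      # bad alphabet or padding: cut mid-group
        return False
    pos, fields = 0, []
    while pos + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[pos:pos + 4])   # 4-byte big-endian length
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    # pos lands exactly on the end only if every field was complete (not truncated)
    return pos == len(blob) and len(fields) >= 2 and fields[0] == keytype.encode()

def bad_lines(lines):
    """1-based numbers of lines that are neither blank, a comment, nor a whole key."""
    bad = []
    for num, line in enumerate(lines, 1):
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        # Options may precede the key type, so try every adjacent "type blob" pair.
        if not any(t in KEY_TYPES and blob_ok(t, b) for t, b in zip(tok, tok[1:])):
            bad.append(num)
    return bad

def sample_key():
    """Constructed ed25519 public key line (all-zero key bytes), for the demo only."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " demo@example"

if __name__ == "__main__":
    key = sample_key()
    demo = [key, key[:52], key[52:]]        # second copy pasted with a stray newline
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else demo
    print("suspect lines:", bad_lines(lines))
```

Run it with the path to an authorized_keys file as its argument; with no argument it checks the built-in demo, where the wrapped key shows up as two suspect lines.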