SSH public key authentication doesn't work [duplicate]

I'm having trouble setting up public key authentication for an SSH server on Ubuntu Server 12.04 (A) for authentication from an Ubuntu Server 13.04 (B).

What I'm doing now (I'm trying to follow the instructions here):

  • On B: Create a new key with ssh-keygen -C "", using no passphrase, writing to /.ssh/id_rsa - I don't get any errors
  • On B: Run ssh-copy-id -i /.ssh/id_rsa user@host-a - also, a success message
  • On B: ssh -i /.ssh/id_rsa user@host-a - I still have to enter my password for user@host-a

On A, I checked if the /.ssh/authorized_keys is modified after running ssh-copy-id, and this is the case. Also, on both devices I added this to /etc/ssh/sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /.ssh/authorized_keys

Does anyone know what might be the problem here?


Here's the tail of my /var/log/auth.log on machine A:

Jun 13 22:17:56 laptop-camil sshd[12344]: Server listening on 0.0.0.0 port 22.
Jun 13 22:17:56 laptop-camil sshd[12344]: Server listening on :: port 22.
Jun 13 22:18:27 laptop-camil sshd[12345]: Authentication refused: bad ownership or modes for directory /.ssh
Jun 13 22:18:30 laptop-camil sshd[12345]: Accepted password for camilstaps from 164.138.27.37 port 48407 ssh2
Jun 13 22:18:30 laptop-camil sshd[12345]: pam_unix(sshd:session): session opened for user camilstaps by (uid=0)
Jun 13 22:18:35 laptop-camil sshd[12464]: Received disconnect from 164.138.27.37: 11: disconnected by user
Jun 13 22:18:35 laptop-camil sshd[12345]: pam_unix(sshd:session): session closed for user camilstaps
Jun 13 22:18:42 laptop-camil sshd[12516]: Authentication refused: bad ownership or modes for directory /.ssh
Jun 13 22:18:44 laptop-camil sshd[12516]: Connection closed by <host-b> [preauth]

Anything in log files, particularly /var/log/auth.log? You might also double-check permissions on the .ssh directory and files.

I haven't had to modify sshd_config for this kind of access, myself. I am wondering if your modification broke things, especially the AuthorizedKeysFile line. Typically, you would want to put the authorized_keys under $USER/.ssh .

Here are the permission from a user on one of my servers:

:~/.ssh$ ls -ld .
drwx------ 2 rrd rrd 4096 May 28 17:57 .

:~/.ssh$ ll
total 280
-rw-r----- 1 rrd rrd   4351 May 22 16:20 authorized_keys
-rw------- 1 rrd rrd   1679 Apr 27  2012 id_rsa
-rw-r--r-- 1 rrd rrd    399 Apr 27  2012 id_rsa.pub
-rw-r--r-- 1 rrd rrd 266138 Jun 13 00:18 known_hosts

Make sure the individual files are at least this restricted.

As guntbert points out, also check that the directory and files are owned by you. The permissions won't make sense (or work) otherwise.

Who owns the keys in authorized_keys on B? (The bit that says user@host after the key.) Is it root@A ?

That is, in looking at ~/.ssh/authorized_keys, what is the equivalent of bert@etherbert for your set-up:

ssh-rsa AAAA...ffsII8dSaDF33 bert@etherbet

I would just edit the remote .ssh/authorized keys manually for testing, putting in the id_rsa.pub contents of the user you are intiating the connection with.

Make sure you are coming from the user that has the key in the remote authorized_keys file.


The directory ~/.ssh MUST be owned by the user, not root. So change that and it will work.

To avoid having to type the passphrase for your private key every time you use ssh-agent. ssh-add .ssh/id_rsa will add the key to the agent, from then on the agent will provide the key to ssh.


Besides all the other guys had provided the solutions, my additional suggestion is you should first check the logging file: /var/log/secure, which is where sshd puts logs in. If something goes wrong, checking what sshd has complained in /var/log/secure will quickly narrow down the possible issues.