SSH Permission denied (publickey)
I am trying to connect to a Linode (running Ubuntu 12.04 LTS) from my local machine (also running Ubuntu 12.04 LTS)
I have created a private and public key on my local machine and copied my public key to my Linode's authorized_keys file. However, whenever I try to ssh to my Linode I get the error message Permission denied (publickey)
.
It's not a problem with how ssh is set up on my Linode because I can ssh to it from my Windows machine using key authentication.
In my .ssh
directory on my local Ubuntu machine, I have my id_rsa
and id_rsa.pub
files. Do I need to create an authorized_keys file on my local machine?
EDIT: This is what I get when I run ssh -vvv -i id_rsa [youruser]@[yourLinode]
:
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
PubKeyAuthentication
Set up your client
-
Generate your key.
ssh-keygen
-
Configure ssh to use the key.
vim ~/.ssh/config
-
Copy your key to your server.
ssh-copy-id -i /path/to/key.pub SERVERNAME`
Your config file from step 2 should have something similar to the following:
Host SERVERNAME
Hostname ip-or-domain-of-server
User USERNAME
PubKeyAuthentication yes
IdentityFile ./path/to/key
You can add IdentitiesOnly yes
to ensure ssh
uses the specified IdentityFile
and no other keyfiles during authentication. Setting IdentitiesOnly
prevents failed authentications from occurring, when ssh
would otherwise attempt to login with multiple keys. Setting this is also considered more secure, as you're not leaking information about other keys you have installed, and maintaining separation of your keys between different levels of access.
Troubleshooting
- use "-vvv" option
- Make sure the server has your PUBLIC key (.pub).
- Make sure your IdentiyFile points to your PRIVATE key.
- Make sure your
.ssh
directory has 700 and the files within are 600 permissions.-
ssh-keygen
will create files and directories for you with the proper permissions
-
-
tail -f /var/log/auth.log
(on the server) and monitor errors when you attempt to login - If you have many key files, try
IdentitiesOnly yes
to limit the authentication to use the single, specified key.
Sometimes the issue comes from permissions and ownership. For instance, if you want to log in as root, /root
, .ssh
and authorized_keys
must belong to root. Otherwise, sshd won't be able to read them and therefore won't be able to tell if the user is authorized to log in.
In your home directory:
chown -R your_user:your_user .ssh
As for rights, go with 700 for .ssh
and 600 for authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
The problem I had was it was using the wrong keys on the client. I had renamed id_rsa and id_rsa.pub to something else. You can either rename them back to their default, or when you issue the ssh command, use it like this
ssh -i ~/.ssh/private_key username@host
You don't need authorized_keys
on your client.
You must tell the ssh-client to actually use the key you generated. There are several ways to do that. Just for testing type ssh -vvv -i .ssh/id_rsa [youruser]@[yourLinode]
. You will have to provide your passphrase every time you want to connect to the server.
If that worked you can add the key to the ssh-agent
with ssh-add .ssh/id_rsa
(you will have to provide the passphrase only once for this and it should work as long as you don't logout/reboot)