SSH login using public key failed

ssh rsa localhost

On localhost running sshd service. Created two pairs of rsa keys for root and user1 using ssh-keygen. Copied from root/.ssh/id_rsa.pub to user1/.ssh/id_rsa.pub. Changed permissions to 600. Tried ssh -l user1 localhost and ssh -l root localhost but both failed with Permission denied (publickey,keyboard-interactive).. Do I have to copy public key to ~/.ssh folder for both users? What is wrong with configuration? Why I cannot connect to localhost?

File /etc/ssh/sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM no
AllowUsers user1 root
PermitRootLogin yes

In file /etc/ssh/ssh_config is uncommented lines:

   RSAAuthentication yes
   PasswordAuthentication no
   ForwardX11 no
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
   PubkeyAuthentication yes

EDIT 1

I am trying to connect to localhost. I have to be able to login to user1 using only public key while possible to login as root with public key and/or password.

EDIT 2

I copied cp ~/.ssh/id_rsa.pub /home/user1/.ssh/authorized_keys. Changed permissions chmod -R 700 ~/.ssh and chmod -R 700 /home/user1/.ssh. Restarted sshd 'service ssh restart'. But it seems not working.

EDIT 4

root@ubuntu:~# ssh-copy-id user1@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is 34:29:b6:1b:fe:84:eb:82:85:77:87:f6:25:39:61:5a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).

root@ubuntu:~# ssh-copy-id root@localhost
Permission denied (publickey,keyboard-interactive).

Log:

# tail /var/log/auth.log

... ubuntu sshd[8476]: User root not allowed because account is locked

A good SSH troubleshot article: Problems and Solutions


Solution 1:

I ran into this issue when i tried to login to an account that has no password, even though i use SSH key pair authentication and have password login turned off. The solution was to set a password using my root account:

passwd user1
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Solution 2:

  1. Whenever encountering a problem ssh'ing to a server, it's always best to add the -v flag, e.g. 

    $ ssh -v host -l user

  2. In both above cases, the public key (id_rsa.pub) should be added to the "remote user's .ssh/authorized_keys" file. In your case above, both to root and user1. This can easily be done via the ssh-copy-id command.

  3. /var/log/secure will hold clues as to why the login was not successful.

  4. Directory permissions should be 700 [rwx] (not 600) [rw-]

Solution 3:

I ran into a similar issue a while back try doing a 

chmod -R 600 ~/.ssh

Apparently if the file permissions are right but the directory permissions are not the same kind of permissions error can crop up.

I also think that you need to rename the file from id_rsa.pub to authorized_keys.

Related

Computers point to DC in wrong site
Which is the best Jabber server regarding performance? [closed]
Easy way to convert custom 32-bit AMI into 64-bit one?
Pre-compiled Iperf 2.x binary for win32?
HAProxy -- pause/queue all traffic without losing requests
Is there anyway to determine who dropped a table?
Is it a good idea to use nginx $request_id for CSP nonce value?
HP ProLiant Shared ILO port disadvantages?
How do I provide dpkg configuration parameters to aptitude or apt-get?
Apache reverse proxy to docker container
DMZ subnet: to NAT or not to NAT?
MS SQL Server slows down over time?