Q+=A

Q: Dear all-seeing, all-knowing, and (pretty, pretty please) all-telling Electronic Replicant,

I am trying to create a passwordless public-key SSH connection between two computers in order to automate a task. I’ve copied the public key from id_dsa.pub on the client computer to ~/.ssh/authorized-keys on the server computer. However, it doesn’t seem to work. I get asked my password every time. I have verified that the cryptographic keys match on both computers. I have tried changing the permissions on ~/.ssh and its contents to 0600. That didn’t help. I ensured "PubkeyAuthentication yes" was in my sshd_config file. I must have restarted sshd a dozen times.

I even tried debug mode (ssh -vvv) and saw this:

debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method

Something was clearly going wrong with the SSH daemon, so I built the latest version of both it AND the OpenSSL library from source and STILL I got the same result!

Please help me, Electronic Replicant, before I go insane!

A: The public key file must be named authorized_keys, not authorized-keys.

Related Posts Plugin for WordPress, Blogger...

3 thoughts on “Q+=A”

  1. Not to disagree with the great and wise Replicant… but from the ssh manpage: The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The client proves that it has access to the private key and the server checks that the corresponding public key is authorized to accept the account.
    I would say something else is going on. If the user has the ssh-copy-id program on the client system that might be good to use, to make sure everything got copied correctly. Also make sure that ~ itself is properly restricted.
    One place to look for information is /var/log/secure… well on both sides. That may give you in plain English what exactly you need.
    http://www.mail-archive.com/secureshell@securityfocus.com/msg01307.html

  2. Narf!
    Thank you, Carl, for pointing my backwardness out to me. I have corrected my post accordingly. I guess that’s what I get for posting in a half-dead state.

Comments are closed.