RedHat 6/Oracle Linux 6 is not allowing key authentication via ssh

前端 未结 4 1054
死守一世寂寞
死守一世寂寞 2021-02-04 10:38

Keys are properly deployed in ~/.ssh/authorized_keys

Yet ssh keeps on prompting for a password.

相关标签:
4条回答
  • 2021-02-04 10:41

    The above answer is quite good, I have an addition & a suggestion. The addition is in line 2 below, as home directory permissions not be more permissive than rwxr-x--- for ssh key authentication.

    cd ~
    chmod g-w,o-rwx .
    chmod 700 .ssh
    cd .ssh
    chmod 600 *
    chmod 644 authorized_keys
    chmod 644 known_hosts
    chmod 644 config
    restorecon -R -v ../.ssh
    

    The suggestion is to make use of the -vv option when testing.

    0 讨论(0)
  • 2021-02-04 10:43

    Several issues, mostly privileges - but also related to SELinux on RedHat 6

    The following script should fix them all, please replace <user>:<group> with your matching userid and group

    chown -R <user>:<group> ~/.ssh
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/*
    restorecon -R -v ~/.ssh
    
    0 讨论(0)
  • 2021-02-04 10:55

    I had also this same issue, the proposed solution above did not solve the case for me. To summarise instructions abowe together:

    1. Check following logfile on target system for possible details of errors: /var/log/secure
    2. Permission of files in users ~/.ssh directory should be 600 and files should be owned By "user:group"
    3. Permission of ~/.ssh directory should be 700 and owned By "user:group"
    4. Permission of home directory of user ie. "~" (="~/.ssh/..") should be 755. If permissions are f.ex 775, ssh key autenthication failed in my system.

    br bruno

    0 讨论(0)
  • 2021-02-04 11:04

    I'd agree with the changes above working on most linux variants in the root account. I have had a problem with RedHat 6.3 with trying to get a postgres user account to use DSA auth. (6.3 running in VirtualBox)

    The issue can be that the basic selinux permissions are wrong. Restorecon wont help in this case.

    (After restorecon)
    drwx------. postgres postgres unconfined_u:object_r:var_lib_t:s0 .ssh
    

    I have fixed this with :

    chcon -R -t ssh_home_t .ssh
    

    This resolved this instance of the problem.

    0 讨论(0)
提交回复
热议问题