0700/rwx------
If not, run:
chmod 700 .ssh
2. Inside the .ssh directory, all the public key files (*.pub) should have the following permissions:
0644/rw-r--r--
If not, run:
chmod 644 .ssh/*.pub
3. All other files in the .ssh directory should have the following permissions:
0600/rw-------
To change, run:
chmod 600 .ssh/<file>
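The three checks above combined into one script. This is an added example, not part of the original post. The function names (mode_of, check_mode, audit_ssh_dir) are made up for this example; passing fix as the second argument applies the chmod values from the steps above.

```shell
#!/bin/sh
# Added example: audit a .ssh directory against the three rules above.
# Usage: audit_ssh_dir DIR [fix]
#   prints one line per mismatch; returns 1 if any mismatch was found.
#   e.g. audit_ssh_dir "$HOME/.ssh"

# Print the octal permission bits of a path, following symlinks as chmod does
# (GNU stat syntax first, then BSD/macOS stat syntax).
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Compare one path against its expected mode; report it and optionally chmod it.
check_mode() {
    path=$1 want=$2 fix=$3
    have=$(mode_of "$path") || return 0      # unreadable path: nothing to compare
    [ "$have" = "$want" ] && return 0
    echo "MISMATCH $path: mode $have, expected $want"
    [ "$fix" = "fix" ] && chmod "$want" "$path"
    return 1
}

audit_ssh_dir() {
    dir=$1 fix=${2:-}
    bad=0
    # Rule 1: the directory itself is 0700 (fixed first so its files are reachable).
    check_mode "$dir" 700 "$fix" || bad=1
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue              # skip subdirectories and unmatched globs
        case $f in
            *.pub) check_mode "$f" 644 "$fix" || bad=1 ;;   # Rule 2: public keys
            *)     check_mode "$f" 600 "$fix" || bad=1 ;;   # Rule 3: everything else
        esac
    done
    return "$bad"
}
```

Run it on the destination host as the account you are logging in to, since that is where the files in question live.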
To debug a failed ssh session, run:
ssh -vvv <user>@<host>
For example, in the following ssh -vvv output you can see that the public key was sent but not accepted. The root cause was incorrect permissions on the destination host's .ssh/* files:
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: Skipping ssh-dss key /Users/john/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: Will attempt key: /Users/john/.ssh/id_rsa RSA SHA256:Zjk3dXmAUc9bS01ItANovYD4usebPibGxM0r5JHtmP4
debug1: Will attempt key: /Users/john/.ssh/id_ecdsa ECDSA SHA256:U1Lkgb+30LAOIwE4OLgGuFffkYRW5WGW12YSOMb+ByI
debug1: Will attempt key: /Users/john/.ssh/id_ed25519
debug1: Will attempt key: /Users/john/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/john/.ssh/id_rsa RSA SHA256:Zjk3dXmAUc9bS01ItANovYD4usebPibGxM0r5JHtmP4
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password