Ubuntu: Server keeps asking for password after I've copied my SSH Public Key to authorized_keys



Question:

I have an Ubuntu Server, running in a Cloud. I created a user (git). In the folder /home/git, I have created the .ssh/ dir, and the authorized_keys file.

But when I put my SSH Public Key in the authorized_keys file, the server continues to ask me for the password.

What did I do wrong?


Solution:1

On the server side, the ssh daemon will log errors in /var/log/auth.log, so check that file to see what's being reported.

From the client side, when establishing the connection you can add the -v flag (or -vv or -vvv) to increase verbosity. You might be able to identify your problem this way.

Here are other things to check.

  • Make sure /home/git/.ssh/authorized_keys is owned by git.
  • Make sure /home/git/.ssh/authorized_keys has a mode of 600 (-rw-------).

Also check the /etc/ssh/sshd_config file.

  • PubkeyAuthentication should be set to yes
  • There is also the AuthorizedKeysFile directive which determines the path where the authorized keys should be located. Ensure it's commented out or on the default of %h/.ssh/authorized_keys.


Solution:2

Also make sure your user home directory (in your case, /home/git) is only writable by you. I had this issue once because my home directory was group-writable. /var/log/auth.log said in it: "Authentication refused: bad ownership or modes for directory /home/chuck". (this is to make sure it doesn't use an authorized_keys file that someone other than you has been messing around with!)


Solution:3

There are different ways to solve this: you can configure either sshd (server-side) or ssh (client-side) not to use password authentication. Disabling password authentication on the server makes your server more secure, but you will be in trouble if you lose your key.

To make ssh (client-side) use pubkey authentication, add some options to the ssh command:

ssh -o PubkeyAuthentication=yes -o PasswordAuthentication=no -X git@server  

If this works, you can set the PasswordAuthentication=no option permanently in the ssh client config file /etc/ssh/ssh_config system-wide or ~/.ssh/config user-specific (for details, see man ssh_config).


Solution:4

Are you using ~/.ssh/config on your local machine? I've run into this problem when I use the IdentityFile directive in the config file and point to the public key. For example:

Host Cloud
    Hostname cloud.theclouds.com
    User git
    # This is correct
    IdentityFile ~/.ssh/config/mykey
    # This is incorrect
    # IdentityFile ~/.ssh/config/mykey.pub


Solution:5

If your home folder is encrypted then your authorized_keys file is not readable before login. You have to move it outside your home.

It is explained here, along with how to do it: https://help.ubuntu.com/community/SSH/OpenSSH/Keys#Troubleshooting


Solution:6

Another thing to check for is whether there are extra carriage returns in your public key. I followed the advice above to review the /var/log/auth.log and saw an error when reading the key. The key was approximately two lines long instead of four. There were extra carriage returns embedded in the key.

When using the vi editor, use shift-j to join the lines and erase the extra space in the key string.
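
The ownership and mode checks from Solutions 1 and 2 and the wrapped-key check from Solution 6 can be scripted. This is an added example, not part of any answer above: the function names are hypothetical, it assumes a `stat` that supports `-c`, and it applies the rule sshd's StrictModes enforces (owner is the user or root, no group/other write bit) rather than requiring exactly mode 600.

```sh
#!/bin/sh
# Added example (not from the answers). Assumes a `stat` that supports -c (GNU/BusyBox).

# check_path PATH UID: fail unless PATH is owned by UID or root and is not
# writable by group or other.
check_path() {
    info=$(stat -c '%a %u' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    mode=${info% *}; owner=${info#* }
    if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $1 (uid $owner)"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "GROUP/OTHER WRITABLE $1 (mode $mode)"; return 1
    fi
}

# check_keys FILE: every entry must be "[options] keytype AAAA... [comment]" on
# ONE line. A key wrapped on paste leaves continuation lines that fail this.
check_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ "^(ssh-|ecdsa-|sk-)" && $(i+1) ~ "^AAAA[A-Za-z0-9+/]+=*$")
                    ok = 1
            if (!ok || /\r/) { printf "BAD KEY LINE %d\n", NR; bad = 1 }
        }
        END { exit bad + 0 }' "$1"
}

# audit HOME UID: run all checks, print every finding, return non-zero on any.
audit() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$p" "$2" || rc=1
    done
    if [ -f "$1/.ssh/authorized_keys" ]; then
        check_keys "$1/.ssh/authorized_keys" || rc=1
    fi
    return "$rc"
}

# Usage on the server (as root): sh audit.sh /home/git "$(id -u git)"
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```

Any line it prints corresponds to a condition under which sshd skips the key and falls back to the password prompt.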


Solution:7

If you have multiple private keys, use the -v switch on your ssh connection command to check to see if your other primary keys are being used to try to connect. If they are not, tell the ssh client to use them with the following command:

ssh-add path/to/private/key  


Solution:8

You can also add your key to the SSH Agent:

u@pc:~$ ssh-agent bash
u@pc:~$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/u/.ssh/id_rsa: # ENTER YOUR PASSWORD
Identity added: /home/u/.ssh/id_rsa (/home/u/.ssh/id_rsa)


Solution:9

It could also be that you are calling

sudo git clone gituser@domain:repo.git

where the root user's SSH key has not been added to the authorized_keys of gituser.

