Tech Monger

Programming, Web Development and Computer Science.


Fix Key Based SSH Authentication Error in Linux

If you have set up key-based authentication between two different servers for SSH or SFTP, you might face issues while initiating an SSH connection. Below we will see how to solve these issues by considering different failure vectors. We assume that you have already set up authorized_keys based keyless ssh login.

Check directory and file permissions

Permissions on the directory ~/.ssh/ and the files inside should be as follows.

File / Directory              Permissions   Numeric
~/.ssh/                       drwx------    700
~/.ssh/id_rsa                 -rw-------    600
~/.ssh/username/id_rsa.pub    -rw-r--r--    644
~/.ssh/authorized_keys        -rw-r--r--    644
/etc/sshkeys/username         -rw-r--r--    644

If any of the above files has different permissions, you can change them with the following commands.

chmod 700 ~/.ssh/
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys

Note that to modify the file permissions of /etc/sshkeys/username, you (the user) should be the owner and should have write privilege on the file.
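
The following script is an added example, not part of the original article: it checks a directory against the permission table above and reports which entries need a chmod. The function name check_ssh_perms is chosen for this example, it assumes GNU stat as shipped on Linux, and it additionally checks that each entry is owned by the calling user.

```shell
#!/bin/sh
# Added example: audit an SSH directory against this page's permission table.
# check_ssh_perms is a name chosen for this example; uses GNU stat (Linux).

check_ssh_perms() {
    dir=${1:-"$HOME/.ssh"}
    me=$(id -u)
    bad=0
    # name:expected-mode pairs from the table ("." is the directory itself)
    for entry in .:700 id_rsa:600 id_rsa.pub:644 authorized_keys:644; do
        name=${entry%%:*}
        want=${entry##*:}
        if [ "$name" = "." ]; then path=$dir; else path="$dir/$name"; fi
        if [ ! -e "$path" ]; then
            echo "SKIP  $path (not present)"
            continue
        fi
        have=$(stat -c '%a' "$path")    # octal mode, e.g. 644
        owner=$(stat -c '%u' "$path")   # numeric owner uid
        if [ "$have" != "$want" ]; then
            echo "FIX   $path mode is $have, expected $want (chmod $want $path)"
            bad=$((bad + 1))
        elif [ "$owner" != "$me" ]; then
            echo "FIX   $path is owned by uid $owner, not $me"
            bad=$((bad + 1))
        else
            echo "OK    $path $have"
        fi
    done
    # Exit status is the number of entries needing attention (0 = all good)
    return "$bad"
}
```

Source the file and run check_ssh_perms with no argument to audit ~/.ssh/, or pass another directory as the first argument.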


Verify SSHD Configuration

If the sshd configuration is incorrect, key-based authentication will not work. For example, if the parameter AuthorizedKeysFile in the sshd config file /etc/ssh/sshd_config is set to the wrong value, your key-based authorization will fail. You would see the following error inside /var/log/secure.

Authentication refused: bad ownership or modes for directory /home/username

AuthorizedKeysFile should have the following value inside /etc/ssh/sshd_config.

AuthorizedKeysFile /etc/sshkeys/%u

If it is incorrect, modify it as shown above. You will require root access to modify the file /etc/ssh/sshd_config. Also verify all other configuration against the defaults set for your Linux distribution.

You need to restart the sshd daemon after modifying the sshd_config file. You can do it as the root user using the following command.

  • Debian / Ubuntu
    sudo service ssh restart
  • RHEL / CentOS
    sudo systemctl restart sshd

Conclusion

We learned how to fix login errors in passwordless ssh or sftp connections. Most errors occur due to incorrect file permissions on ~/.ssh/ or due to wrong sshd configuration. If you follow the above tutorial, you will face no issues with login, given that key-based authentication has been configured correctly.
