{"id":2550,"date":"2012-11-19T19:33:14","date_gmt":"2012-11-19T19:33:14","guid":{"rendered":"http:\/\/really.zonky.org\/?p=2550"},"modified":"2012-11-19T19:33:14","modified_gmt":"2012-11-19T19:33:14","slug":"ssh-why-doesnt-key-authentication-work","status":"publish","type":"post","link":"https:\/\/really.zonky.org\/?p=2550","title":{"rendered":"SSH: Why Doesn’t Key Authentication Work?"},"content":{"rendered":"

Over the years, whenever I’ve run into problems getting SSH key authentication to work, there’s always been the problem of a certain lack of information (partially because much of the information is held within the server logs which aren’t always accessible). This post is running through some of the issues I’ve encountered.<\/p>\n

    \n
  1. The file\u00a0server-to-login-to:~user\/.ssh\/authorized_keys<\/em> has the key in, but the values are stored on multiple lines (as can happen when the contents are pasted in). Simply join the lines together, removing any extra spaces added by the editor, and it should work. Usually caused by pasting the key.<\/li>\n
  2. Naming the file\u00a0server-to-login-to:~user\/.ssh\/authorized_keys<\/em> incorrectly – my fingers seem to prefer\u00a0authorised_hosts<\/em> – which whilst the\u00a0authorised<\/em> bit is the correct spelling, the code expects the Americanised spelling. Although you can set\u00a0AuthorizedKeysFile<\/em> to a space separated list of files, it’s usually best to assume it hasn’t been done.<\/li>\n
  3. Getting confused over public\/private keys. Not that I’m ever going to admit to being as dumb as to put the private key into the\u00a0authorized_keys<\/em> file, but it’s worth reminding myself that the private key belongs on the workstation I’m trying to connect\u00a0from<\/em>.<\/li>\n
  4. Trying to login to a server where key authentication has been disabled (why would anyone do this?). Check\u00a0PubkeyAuthentication<\/em> in\u00a0\/etc\/ssh\/sshd_config<\/em>.<\/li>\n
  5. Not one of my mistakes (I’m on the side who disabled\u00a0root<\/em> logins), but logging in as root directly is often turned off.<\/li>\n
  6. The permissions on the\u00a0server-to-login-to:~user\/.ssh<\/em> directory and the file\u00a0server-to-login-to:~user\/.ssh\/authorized_keys<\/em> need to be very restricted. Basically no permissions for anyone other than the owner.<\/li>\n<\/ol>\n

    I am sure there are plenty of other possible mistakes, but running through this checklist seems to work for me.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Over the years, whenever I’ve run into problems getting SSH key authentication to work, there’s always been the problem of a certain lack of information (partially because much of the information is held within the server logs which aren’t always accessible). This post is running through some of the issues I’ve encountered. The file\u00a0server-to-login-to:~user\/.ssh\/authorized_keys has […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_share_on_mastodon":"0"},"categories":[4],"tags":[1032,1033,1031,780],"class_list":["post-2550","post","type-post","status-publish","format-standard","hentry","category-it","tag-checklist","tag-key-authentication","tag-mistakes","tag-ssh","category-4-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"share_on_mastodon":{"url":"","error":""},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1f2KI-F8","_links":{"self":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/2550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2550"}],"version-history":[{"count":4,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/2550\/revisions"}],"predecessor-version":[{"id":2568,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/2550\/revisions\/2568"}],"wp:attachment":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}