My boss, using Windows, PuTTY, and Pageant, could not get the password prompt to go away no matter what he or I did, even though it worked just fine on the old test box. Our Unix admin who set up the box was also at a loss. After reading everything we could on the internet and copying, transmitting, and changing keys so many times we wanted to barf, I sat down to find out what was different about his account.
I switched his public keys in authorized_keys to mine and tried to connect... no dice! So it was something about the remote system. I checked the passwd file and the group file; he was set up just like me. Everyone said to check the permissions of the .ssh folder and the files in it, but they were all OK. Then I actually copied my home directory into his home directory's place and changed the owner of the files. Then I could log right in.
It turned out that the difference was that his home directory had somehow become world-readable, and that prevented it from working!
So, here are the things to check if you can't get it to work:
- Make sure your home directory's permissions are drwxr-xr-x (chmod 755)
- Make sure your .ssh directory's permissions are drwx------ (chmod 700)
- Make sure your authorized_keys file permissions are -rw------- (chmod 600)
- Make sure the 3 files above are owned by your user.
- Make sure the public key in your authorized_keys file is one long line with no breaks.
- Check that your sshd_config file (/etc/ssh/sshd_config on Solaris 10) is set up with
  PubkeyAuthentication yes
  This is the default, so just don't set it to no.
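The checklist above as a script, added here as an example and not part of the original post: it compares the ls -ld mode string and owner of each path with the values listed, flags authorized_keys lines that do not hold a whole key, and looks for PubkeyAuthentication no. The function names, the output labels and the key-type pattern are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit one account against the checklist above.
# Usage: sh check_ssh_key_setup.sh HOME_DIR USER [SSHD_CONFIG]
# Prints one line per problem found; exit status 0 means nothing was flagged.

# Compare the "ls -ld" mode string and owner of a path with the expected values.
check_entry() {
    path=$1; want_mode=$2; want_owner=$3; rc=0
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    # Keep 10 characters of the mode: some systems append '.' or '+' for ACLs.
    mode=$(ls -ld "$path" | awk '{print substr($1, 1, 10)}')
    owner=$(ls -ld "$path" | awk '{print $3}')
    [ "$mode" = "$want_mode" ] || { echo "MODE     $path is $mode, want $want_mode"; rc=1; }
    [ "$owner" = "$want_owner" ] || { echo "OWNER    $path belongs to $owner, want $want_owner"; rc=1; }
    return $rc
}

check_ssh_key_setup() {
    home=$1; user=$2; conf=${3:-/etc/ssh/sshd_config}; bad=0
    keys=$home/.ssh/authorized_keys
    check_entry "$home" drwxr-xr-x "$user" || bad=1
    check_entry "$home/.ssh" drwx------ "$user" || bad=1
    check_entry "$keys" -rw------- "$user" || bad=1
    if [ -r "$keys" ]; then
        # A whole key line holds "<type> AAAA..." (the base64 blob of every SSH
        # public key starts with AAAA); a wrapped key leaves lines without it.
        broken=$(awk 'NF && $1 !~ /^#/ &&
            !/(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) AAAA/ {
                printf "%s%s", sep, NR; sep = ","
            }' "$keys")
        [ -z "$broken" ] || { echo "KEYLINE  $keys line(s) $broken: not a whole key"; bad=1; }
    fi
    if [ -r "$conf" ] && grep -Eiq '^[[:space:]]*PubkeyAuthentication[[:space:]]+no' "$conf"; then
        echo "CONFIG   $conf sets PubkeyAuthentication no"; bad=1
    fi
    return $bad
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    check_ssh_key_setup "$@"
fi
```

Run it as the account's owner or as root, since authorized_keys at mode 600 is unreadable to anyone else and the key-line check is skipped when the file cannot be read.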
Also, it doesn't matter where you make the key (client or server), just as long as you put the public key on the server and the private key on the client. The otherwise very nice post at
http://www.andremolnar.com/how_to_set_up_ssh_keys_with_putty_and_not_get_server_refused_our_key
is incorrect on this (it might help you avoid the issue in #5 above, though).