2

I created an SSH public key for my root user. I copied it to /root/.ssh/authorized_keys, and saved.

The key is only ssh-rsa key. (It's one row, ssh-rsaSPACEkey, no further spaces or brakes).

  1. /.ssh is 700.

  2. /.ssh/authrozied_keys is 600.

  3. owner and group are same as the USERNAME.

I can log in SSH just fine with root and I repeated the same algorithm for creating, pasting and loading the key, for my primary user under /home/USERNAME but I can't login with it - It says "No supported authentication methods available".

Notes:

  1. I did load private keys for both of these users.

  2. Both keys are ssh-2 rsa.

  3. Both keys include 4096 bytes.

  4. I use Putty to login, and load the private keys with pageant.

  5. Did service ssh restart before trying.

Update 1 - Relevant public key:

Here's he public key I'm having problems with (copied as is from /home/USERNAME/.ssh/authrorized_keys):

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkJXuWq8xf28ft+kJ8+KJK0he5OftZlBBfKPcNNEU9y2nLn/BWcMrjcrDnf52rLcKIQGJcbk0e8U9+p84tfzlhfjkUTKeUazAKL3k5KSfBbqayue5GXIDAP3Psg2pBN69uOeEr9/RHlJej1z2dmqiCgKcl3gaaBcedA1jclrnTryr0406qFwMJbOx/2ZWY/YAupcL7In0KzG0J6fsS6SSYQhpNZ5JSZchFq/Xbqp68Iz2c/aCTVRaymXQAMYfgzvjxb/j53JlHfMiyWudI754PgpYYzjCls/siO54TZVFIob4mc837rlA6pDV8MSAKBvOVS3u682WTmktXyxvGQYOmouxZ3taX0hAwcJbsk4AYSIEGSVTfSobUfjnZnNFZYOGxPOS90NV/Px9sVZx8PLuAmaXOAezkWasKIn/Gbh5gygdo7TP24yA2Wy/KPL7dHCDXYKY1AmhNW/HXkZwySPHV32dFlgft1bYPEj2tdoijmGscmM+lAUPwQ0Tl8hSWwT/4qX3PvKC0+YTRQl7dLkYenHBgbnuuzgwiBfrNorhYnG2sdFDPh1/Tn7KrYxczs/t/7GS8WPJuFEmBezw2u47KBezkzcvDj5WWqmlUXHLrZNx3EM9KeFTcUf/yJgL3Hex9HdloWIPSCoTF6rWXgJ//1LoktZ0w7qsj9G2hcLOQbk=

Update 2 - Seemingly-relevant sshd_config directives

I put an image as for some reason I can't paste syntax I cut or copy from Putty:

enter image description here

Improve this question
5
  • What are directory permissions all the way up to /? Commented Oct 26, 2016 at 10:49
  • I think I didn't understand you. Commented Oct 26, 2016 at 19:18
  • Look at /var/log/auth - most problems have detailed description here. Commented Oct 26, 2016 at 21:46
  • the permissions are correct 600, but who is the USER, if that is still root it should be chown 'ed to the user whos home directory is being used Commented Oct 26, 2016 at 21:48
  • It's not root (I can log in with root fine), I meant to write USERNAME to not expose the nick as a security-principle... Commented Oct 26, 2016 at 21:49

1 Answer 1

Reset to default
1

Problems with public keys are almost always permissions related.

Check the ownership of the authorized_keys file in your non-root user's home directory. You mention mode octals of 0700 and 0600 for the directory and file respectively. However, you don't mention ownership.

Be sure the owner is not root, for the authorized_keys file, as well as as for /home/USERNAME/.ssh/. Also, the authorized_keys file is public information. It's typical to give this file read access to all, via octals 0644. However, your permissions should work in this case provided your file ownership is correct.

To clear this up in case of confusion, posting the output of # ls -la /home/<USERNAME>/.ssh/ would abolish any doubt as to the permissions.

Improve this answer
6
  • Did chown (and chgrp) both to USERNAME. in ll it's -rw------- 1 USERNAME USERNAME 721 Oct 26 10:18 authorized_keys (I also restarted SSH service because I didn't know if it's a must) YET, I still get the same error message from above. Commented Oct 27, 2016 at 2:53
  • 1
    I'm assuming with no supported authentication methods as an error message, you're probably trying to disable password based authentication? Editing your post to contain your /etc/ssh/sshd_config file from your servers would help in identifying why this happens. It could be that you've disabled password authentication and not enabled private key authentication (it may be commented, as is common). Commented Oct 27, 2016 at 2:57
  • Yes I changed PasswordAuthentication (in the end of file) from yes to no, without touching the commented instance of this directive. I didn't enable private key authentication --- I thought it's already enabled given the face I log in with a private key as root without any problem. Commented Oct 27, 2016 at 3:03
  • Most default sshd configurations specify that root may only log in via private key, or without-password. This implies that key based login is enabled, but only applies to root. This behavior overrides the pubkeyauthentication and rsaauthentication directives. Commented Oct 27, 2016 at 3:51
  • I hear of this behavior for the first time. I have uploaded an image with the seemingly-relevant piece of directives from sshd_config... I didn't understand what to change there (if there is anything relevant in that file, to allow non-root users to login with private keys and without passwords as well). Commented Oct 27, 2016 at 5:20

You must log in to answer this question.