1

So I have my home computer, and my server. I'm trying to login to my server with my private key.

On my server say I have the user serveruser, to which I login from my home computer using

ssh -Y [email protected]

And at my home computer, I have the user homeuser on my home computer.

So now, I want to login to the server using my private key. For that, I already have a key with passphrase in /home/homeuser/.ssh/. So I took the public key (id_rsa.pub), and copied it to my server at /home/serveruser/.ssh/authorized_keys.

Now I would like to login using that key, so I tried to login using

ssh -Y [email protected]

and it still asks me for the password, and not the passphrase.

I tried also logging in using 

ssh -i /home/homeuser/.ssh/id_rsa -Y [email protected]

and I'm still being asked for the user password.

What did I do wrong? Please advise.

Thank you for any efforts.

EDIT: According to Mason Heller's recommendation, I executed ssh-add, but it still insists that I input the password for [email protected].

EDIT: Information from ssh -v -Y myserver.com (personal information modified for anonymity).

OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to myserver.com [100.100.100.100] port 22. debug1: Connection established. debug1: identity file /home/homeuser/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/homeuser/.ssh/id_rsa-cert type -1 debug1: identity file /home/homeuser/.ssh/id_dsa type -1 debug1: identity file /home/homeuser/.ssh/id_dsa-cert type -1 debug1: identity file /home/homeuser/.ssh/id_ecdsa type -1 debug1: identity file /home/homeuser/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4 debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA b2:1a:68:21:5a:72:c4:f7:ec:ea:60:12:e4:f8:b5:71 debug1: Host 'myserver.com' is known and matches the ECDSA host key. debug1: Found key in /home/homeuser/.ssh/known_hosts:11 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/homeuser/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: [email protected] debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/homeuser/.ssh/id_dsa debug1: Trying private key: /home/homeuser/.ssh/id_ecdsa debug1: Next authentication method: password

More information:

cat /home/homeuser/.ssh/id_rsa.pub

--removed for security--

/home/serveruser/.ssh/authorized_keys

total 4 -rwx------ 1 serveruser serveruser 400 Jan 26 01:09 id_rsa.pub

cat /home/serveruser/.ssh/authorized_keys

cat: /home/serveruser/.ssh/authorized_keys: Is a directory
Improve this question
7
  • What are the permissions on ~serveruser/.ssh? Some implementations enforce that the folder and its contents are only accessible by the user (i.e. drwx------ or -rw------- respectively). If SELinux is installed on myserver.com (check with which setenforce), restorecon -Rv ~serveruser/.ssh is also a thing to run. (if this works, I’ll post it as an answer) Commented Jan 26, 2014 at 10:34
  • You should run ssh with one or more options -v passed to it, to see whether it loads your private key and tries to offer it for authentication to the server. Pasting it here may offer other people more clues to answer your question. Commented Jan 26, 2014 at 11:07
  • @JonasWielicki that didn't work... please check the verbose output. Commented Jan 26, 2014 at 11:23
  • 1
    Please show us the following cat /home/homeuser/.ssh/id_rsa.pub, ls -l /home/serveruser/.ssh/authorized_keys, cat /home/serveruser/.ssh/authorized_keys. Commented Jan 26, 2014 at 11:33
  • 3
    See, /home/serveruser/.ssh/authorized_keys should be a file. You create it by merely adding the contents of id_rsa.pub to it (i.e. cat /home/homeuser/.ssh/id_rsa.pub >> authorized_keys). (Obviously you have to copy the public key to the server first.) Now just having you execute those commands should have made you think why cat didn't work ;-) Commented Jan 26, 2014 at 11:46

2 Answers 2

Reset to default
4

/home/serveruser/.ssh/authorized_keys should be a file.

You create it by adding the contents of id_rsa.pub to it (i.e. cat /home/homeuser/.ssh/id_rsa.pub >> authorized_keys).

(Obviously you have to copy the public key to the server first.)

Improve this answer
2
  • Thank you! It works now. But it doesn't ask me for the passphrase... is that normal? I expected that it would ask me for the passphrase every time I log in. And one more question, how can I add more public keys? should I separate them with a new line? Commented Jan 26, 2014 at 11:52
  • 1
    If no passphrase is asked you probably already played with ssh-agent (make sure it doesn't run or logoff/login again). Unless you created a key without a passphrase (it will not say Proc-Type: 4,ENCRYPTED or so when looking at the private key). And yes, you add them by adding new lines to the file. You should probably take a look at man ssh, especially the "AUTHENTICATION" section. Commented Jan 26, 2014 at 11:57
0

In order to use your keypair, you may want to run ssh-agent to handle the authentication.

eval $(ssh-agent) ssh-add

Then your keypair will be available for all subsequent ssh sessions in that terminal. ssh-agent adds environment variables in your terminal session, which you need for ssh to use it. I typically run ssh-agent > ~/.ssha; . ~/.ssha; ssh-add in one pty, then source ~/.ssha in any others where I need to use ssh, so that all of my ptys can use the agent.

Also, I find it easier to use ssh-copy-id to add my public key to servers. It may make your life easier, too. :)

Improve this answer
2
  • Although ssh-agent makes key management easier, it is by no means necessary to allow public key authentication. Without it, ssh will by default already try to authenticate with a private key ~/.ssh/id_rsa if available and ask for its passphrase if necessary. Commented Jan 26, 2014 at 11:05
  • You need not use ssh-agent. Commented Jan 26, 2014 at 11:31

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.