1

I'm trying to set up passwordless login from my Mac to my remote server running CentOS with public key authentication for "user1".

I used $ ssh-keygen -t rsa to set up a public key on my Mac and then copied the mykey.pub file over to the CentOS user1's .ssh dir and then did a

cat mykey.pub >> authorized_keys 

in the .ssh dir.

I've also set the permissions for the .ssh dir to 700 and the authorized_keys to 600.

When I do a:

ssh [email protected] 

It still prompts me for my password. What's going on?

Here is a copy of my sshd_config file on the remote machine:

Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server

More info:

Here is my output for ssh -v. I think the system defaulted to using the id_rsa.pub instead of the mykey.pub and the mykey (private key file) that I named.

OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to myremoteserver.com [1.1.1.1 (fake IP)] port 22.
debug1: Connection established.
debug1: identity file /Users/LocalUser/.ssh/identity type -1
debug1: identity file /Users/LocalUser/.ssh/id_rsa type -1
debug1: identity file /Users/LocalUser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'myremoteserver.com' is known and matches the RSA host key.
debug1: Found key in /Users/LocalUser/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/LocalUser/.ssh/identity
debug1: Trying private key: /Users/LocalUser/.ssh/id_rsa
debug1: Trying private key: /Users/LocalUser/.ssh/id_dsa
debug1: Next authentication method: password

How does one tell the system to use mykey instead of the id_rsa?

3
  • Note: I did not enter a passphrase when creating the keys. Commented Jul 18, 2011 at 3:32
  • Post the output of ssh -v [email protected] Commented Jul 18, 2011 at 3:34
  • It seems my renamed file, mykey, was not being used. The system was looking for id_rsa. Commented Jul 18, 2011 at 3:41

2 Answers

1

Looks like your real question is right at the end:

How does one tell the system to use mykey instead of the id_rsa?

With the -i flag.

FTFM:

-i identity_file
        Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files).

So then:

ssh -i mykey [email protected] 
1

When you create a public key, you are also creating a private key, called id_rsa.

The id_rsa file should be in the connecting user's .ssh folder, and the permissions set as you described for the server.

If it is present, then try

ssh -vvv <server> 

This will give you more detailed logging and will provide more clues as to why it isn't working.

1
  • Found the problem: debug3: no such identity: /Users/LocalUser/.ssh/id_rsa debug2: we did not send a packet, disable method. It is because I changed the name to mykey. Commented Jul 18, 2011 at 3:45
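
A way to run the check that the second answer and its comment arrive at, as an added example that is not part of the original thread: it pulls the "Trying private key" paths out of `ssh -v` output and reports whether each file exists with owner-only permissions. The function names and the scratch directory used in `demo` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the private keys that an
# `ssh -v` log shows the client trying before it fell back to a password.

# Print each path from the "Trying private key:" lines on stdin.
tried_identities() {
    sed -n 's/^debug1: Trying private key: //p'
}

# Classify a private key path: MISSING, OPEN (group/other have access) or OK.
# The ssh client ignores private keys that group or other can access.
key_status() {
    if [ ! -f "$1" ]; then
        echo MISSING
    elif [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]; then
        echo OPEN
    else
        echo OK
    fi
}

# Read `ssh -v` output on stdin and print "<status> <path>" for each tried key.
# Succeeds only if at least one tried key is OK.
audit_ssh_log() {
    report=$(tried_identities | while IFS= read -r path; do
        printf '%s %s\n' "$(key_status "$path")" "$path"
    done)
    printf '%s\n' "$report"
    printf '%s\n' "$report" | grep -q '^OK '
}

# Constructed demo: a scratch directory that holds only a renamed key, "mykey",
# and log lines shaped like the ones in the question.
demo() {
    dir=$(mktemp -d) && : > "$dir/mykey" && chmod 600 "$dir/mykey"
    printf 'debug1: Trying private key: %s\n' \
        "$dir/identity" "$dir/id_rsa" "$dir/id_dsa" |
        audit_ssh_log || echo "no default key usable; pass one with: ssh -i $dir/mykey ..."
    rm -rf "$dir"
}
demo
```

Against a real connection, pipe in `ssh -v ... 2>&1`, since the debug lines are written to stderr.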
