Linux – Setup public key authorized SSH for non-root users

centoslinuxpublic-keysshssh-keys

I was able to setup ssh login using public keys for root users and tried to apply the same logic for non-root users. I have tried to troubleshoot this issue in vain. I am using centos for both my local machine and remote server.

Here is a gist of my sshd_config file a my remote server,

RSAAuthentication yes
PublicKeyAuthentication yes
AuthorizedKeysFile /etc/ssh/user/authorized_keys

PasswordAuthentication no

UsePAM no

PermitRootLogin without-password

I have moved my authorized keys file away from the user's home to /etc/ssh/user/authorized_keys as I read about home dir encryption in centos.

I have also changed the ownership of all files/dirs associated to the non-root user.

Not sure what step I am missing in my config as the same config works very well for root remote logins.

Best Answer

Remove the authorized_keys entry in your config file. Restart sshd. Make a .ssh directory in your non-root user home directory. Put the key in a file called ~/.ssh/authorized keys. Make the directory 0700 and the authorized_keys file 0644. Do the same for the root user.

Related Solutions

SSH Key – How to Create a Public Key from a Private Key

Use the -y option to ssh-keygen:

ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub

From the 'man ssh-keygen'

 -y      This option will read a private OpenSSH format file and print an
         OpenSSH public key to stdout.

Specify the private key with the -f option, yours might be dsa instead of rsa. The name of your private key probably contains which you used. The newly generated public key should be the same as the one you generated before.

Ubuntu SSH Login – Permission Denied, Please Try Again

Are you certain that the user account you're attempting to access is correctly configured? If you log in as root on the system, can you su to the user account?

# su - username

What do you see in your logs after a failed connection attempt? On many systems, sshd will log to something /var/log/secure or /var/log/auth.log. Also, I note that you have PasswordAuthentication enabled but ChallengeResponseAuthentication disabled. Do you see the same behavior if you enable ChallengeResponseAuthentication?

Here are some general diagnostic steps to use when you have ssh problems:

Enable verbose diagnostics in ssh:
```
ssh -v host.example.com
```
This will cause the client to output a variety of diagnostic messages as it negotiates the connection. This will often provide a clue to the problem.
Run the server in debug mode.

On your server, stop sshd, then run it from the command line like this:
```
/usr/sbin/sshd -d
```
This will produce verbose debug logging on stderr that will very often contain useful information.

If neither of these helps you figure out what's going on, would you add the output to your question?

Best Answer

Related Solutions

SSH Key – How to Create a Public Key from a Private Key

Ubuntu SSH Login – Permission Denied, Please Try Again

Related Topic