[TriLUG] Public Key Authentication with SSH

Aaron S. Joyner aaron at joyner.ws
Thu Jan 26 11:07:12 EST 2006


Owen Berry wrote:

>You need to have the private key in the correct place on the local
>machine, or look at using the -i option when calling ssh. If you call
>ssh-keygen without -f it will create the keys in the correct place with
>the correct file names. Or copy the files so it matches:
>
>$ ls ~/.ssh
>authorized_keys  config  id_dsa  id_dsa.pub  known_hosts
>
>Also note that the .ssh directory and contents should all only be
>readable by the owner.
>
SSH is actually very picky about that last part.  Ensure that on your
local machine, your .ssh/id_dsa is 600 or 400, otherwise ssh will wig
out.  Also, make sure that no one has write permissions to the
directory; it should be at most 755.  2755 (setgid on the dir) will
cause it to fail; I've had this bite me more than once.

You should also know that from the client, if you're unsure what's going
on, you can do `ssh -v remotehost` which will give you some very handy
debugging information.  You can also add additional v's, up to 3, but
for debugging authentication method problems the first level of
verbosity is usually sufficient.  Also probably overkill for your
situation, but it's sometimes helpful to kill sshd on the remote host,
and run it with the -d flag for debugging.  This can help troubleshoot
permissions problems and invalid authentication methods on the server side.

Good luck with getting things set up!
Aaron S. Joyner
