Windows – Configuring Public Key Authentication with SSHD under Cygwin

cygwin; public-key-encryption; sshd; windows

I am trying to configure SSHD to allow public key authentication under Cygwin on Windows Server 2012. Currently my problem is access being denied. I have confirmed that my public key is saved as a single line in authorized_keys and authorized_keys2 in the user's .ssh directory. Below you will find the command I used to connect, the verbose output of my attempt to connect with SSH using my private key, and my SSHD configuration. The private key I'm attempting to use is in RSA PEM format.

I have also tried adding RSAAuthentication Yes to my configuration, but doing so causes SSHD to fail on startup.

When RSAAuthentication YES is in the SSHD config I get the below error.

cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: The service has not been started.

SSH Connection Command

ssh -v -i id_rsa.pem <USER>@<SERVER ADDRESS>

SSHD Configuration

PasswordAuthentication no
UsePAM no
PubkeyAuthentication yes

Verbose Output

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to ec2-54-186-180-177.us-west-2.compute.amazonaws.com [54.186.180.177] port 22.
debug1: Connection established.
debug1: identity file id_rsa.pem type -1
debug1: identity file id_rsa.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA a6:a5:57:ef:09:14:7b:0b:cc:29:7b:01:fa:ac:c8:ea
debug1: Host 'ec2-54-186-180-177.us-west-2.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/cyotee/.ssh/known_hosts:6
Warning: the RSA host key for 'ec2-54-186-180-177.us-west-2.compute.amazonaws.com' differs from the key for the IP address '54.186.180.177'
Offending key for IP in /Users/cyotee/.ssh/known_hosts:5
Matching host key in /Users/cyotee/.ssh/known_hosts:6
Are you sure you want to continue connecting (yes/no)? yes
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: id_rsa.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Best Answer

In my experience, the problem is usually incorrect file permissions on the server side. Try modifying file permissions accordingly.

chown -R USERNAME ~USERNAME/.ssh

chmod 700 ~USERNAME/.ssh

chmod 600 ~USERNAME/.ssh/authorized_keys
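
An added example (not part of the original answer): a POSIX shell function that checks what the commands above set, namely that the home directory, .ssh and authorized_keys are owned by the login user and not writable by group or others, which sshd's StrictModes option (on by default) requires before it accepts a key. The function name check_ssh_perms and the throwaway demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes check looks at.
# Usage: check_ssh_perms HOME_DIR OWNER   (OWNER = user name or numeric uid)
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    home=$1 owner=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1; continue
        fi
        # Owned by someone other than the login user?
        if [ -n "$(find "$p" -prune ! -user "$owner")" ]; then
            echo "OWNER    $p is not owned by $owner"; bad=1
        fi
        # Group- or world-writable? (-perm -020 / -002: that bit is set)
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $p is writable by group or others"; bad=1
        fi
    done
    return $bad
}

# Constructed demo: a temporary home with a deliberately loose key file.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 755 "$demo_home"; chmod 700 "$demo_home/.ssh"
chmod 666 "$demo_home/.ssh/authorized_keys"
check_ssh_perms "$demo_home" "$(id -u)" || echo "=> fix with the chown/chmod commands above"
chmod 600 "$demo_home/.ssh/authorized_keys"
check_ssh_perms "$demo_home" "$(id -u)" && echo "=> clean"
rm -rf "$demo_home"
```

On the server, run it as `check_ssh_perms ~USERNAME USERNAME` from a shell that can read that home directory.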
