Ubuntu – SSH public key added but still prompt for password


I've encountered an error when trying to set up so I can connect to my HTPC with my laptop. I've followed this guide from Ubuntu help.

These are my ~/.ssh/ permissions on my remote host:

-rw------- 1 htpc htpc  398 Feb 29 15:16 authorized_keys
-rw------- 1 htpc htpc 1675 Feb 29 15:15 id_rsa
-rw-r--r-- 1 htpc htpc  391 Feb 29 15:15 id_rsa.pub

This is my /etc/ssh/sshd_config file on the remote host:

# Authentication: 
LoginGraceTime 120 
PermitRootLogin without-password 
StrictModes yes
RSAAuthentication yes 
PubkeyAuthentication yes 
AuthorizedKeysFile      %h/.ssh/authorized_keys

When I try to enter from my local machine through SSH, it still asks me for a password even though my public SSH key is inside the authorized_keys on the remote host.

Debug log when connecting from local machine to htpc

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/mikeyr/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/mikeyr/.ssh/id_dsa
debug1: Trying private key: /home/mikeyr/.ssh/id_ecdsa
debug1: Trying private key: /home/mikeyr/.ssh/id_ed25519
debug1: Next authentication method: password

I've tried with my router as well and I have no issues getting it to work on that.

Best Answer

Note that your /etc/ssh/sshd_config contains the line

 StrictModes yes

Specifies whether sshd should check file modes and ownership of the user's files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is ''yes''.

In other words, your home directory ~ on the remote host should be owned and group-owned by you (in this case, this probably means owner htpc and group htpc), and only writable by you (and potentially your group): that means no write in the last ("world") column:

$ ls -la ~/
drwxr-xr-x 41 htpc htpc .

Note that the last part says r-x (not world writable), NOT rwx.

If there's an rwx in the last triplet, you need to remove the write rights:

chmod o-w ~

Similarly for the ~/.ssh folder and ~/.ssh/authorized_keys. I would recommend chmod 700 ~/.ssh to only grant access to yourself for the folder, and chmod 600 ~/.ssh/authorized_keys for the file.

(Also see https://unix.stackexchange.com/a/16981/5477 for more server-side debugging tools)
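
The three checks from the answer above, as a script to run on the remote host as the login user. This is an added example, not part of the original answer, and the function names `check_path` and `audit_ssh_dir` are made up here. It flags group-writable as well as world-writable entries, because sshd's StrictModes check rejects both.

```shell
#!/bin/sh
# Added example: audit the paths that matter for StrictModes.
# Usage (after sourcing this file on the remote host): audit_ssh_dir
# Function names are hypothetical, chosen for this example.

# Print a verdict for one path; return 1 if it would be a problem.
check_path() {
    p=$1
    if [ ! -e "$p" ]; then
        echo "MISSING  $p"; return 1
    fi
    # -O: owned by the effective user running the check.
    if [ ! -O "$p" ]; then
        echo "OWNER    $p is not owned by $(id -un)"; return 1
    fi
    # First 10 characters of ls -ld, e.g. drwxr-xr-x
    mode=$(ls -ld "$p" | cut -c1-10)
    case $mode in
        ?????w????) echo "GROUP-W  $p ($mode): fix with chmod g-w"; return 1 ;;
        ????????w?) echo "WORLD-W  $p ($mode): fix with chmod o-w"; return 1 ;;
    esac
    echo "OK       $p ($mode)"
}

# Check the home directory, ~/.ssh and ~/.ssh/authorized_keys.
# Optional argument: a home directory other than $HOME.
audit_ssh_dir() {
    home=${1:-$HOME}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" || rc=1
    done
    return $rc
}
```

A non-zero return from `audit_ssh_dir` means at least one line other than `OK` was printed; each such line names the path and the `chmod` that clears it.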
