I've encountered an error when trying to setup so I can connect to my HTPC with my laptop, I've followed this guide from ubuntu help
This is my ~/.ssh/ permissions on my remote host
-rw------- 1 htpc htpc 398 Feb 29 15:16 authorized_keys
-rw------- 1 htpc htpc 1675 Feb 29 15:15 id_rsa
-rw-r--r-- 1 htpc htpc 391 Feb 29 15:15 id_rsa.pub
this is my /etc/ssh/sshd_config file on remote host
# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
When I try to enter from my local machine through SSH, it still ask me for a password even though my public ssh key is inside the authorized_keys on the remote host.
Debug log when connecting from local machine to htpc
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/mikeyr/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/mikeyr/.ssh/id_dsa
debug1: Trying private key: /home/mikeyr/.ssh/id_ecdsa
debug1: Trying private key: /home/mikeyr/.ssh/id_ed25519
debug1: Next authentication method: password
I've tried with my router as well and I have no issues getting it to work on that.
Best Answer
Note that your
/etc/ssh/sshd_config
contains the lineIn other words, your home directory
~
on the remote host should be owned and group-owned by you (in this case, this probably means ownerhtpc
and grouphtpc
), and only writable by you (and potentially your group): that means no write in the last ("world") columnNote that the last part says
r-x
(not world writable), NOTrwx
.If there's a
rwx
in the last triplet, you need to remove the write rights:Similarly for the
~/.ssh
folder and~/.ssh/authorized_keys
. I would recommendchmod 700 ~/.ssh
to only grant access to yourself for the folder, andchmod 600 ~/.ssh/authorized_keys
for the file.(Also see https://unix.stackexchange.com/a/16981/5477 for more server-side debugging tools)