ssh keys not working

[newcdn]

Hi,

I can ssh into the server using a password but not with any keys. Below is the error seen in the logs:

sshd[]: error: ssh_msg_send: write

uname -a

FreeBSD X.local.domain 9.1-RC3 FreeBSD 9.1-RC3 #0:FreeBSD X.local.domain 9.1-RC3 FreeBSD 9.1-RC3 #0:

Windows running Plink

Server version: SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.62
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 3f:6d:33:14:c0:9d:a6:76:a1:7b:f8:60:af:60:29:26
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Reading private key file "X.ppk"
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Pageant key #0 matches configured key file
Using username "halo".
Trying Pageant key #0
Server refused our key
Attempting keyboard-interactive authentication
Using keyboard-interactive authentication.

 

[ericmacmini]

Are you sure that permissions on your server running sshd are ok?

Always keep your .ssh dir and all your keys chmod to 700 and 600 respectively.

 

[newcdn]

yes the permissions should be fine.

drwx------   2         Dec 28 19:37 .ssh 
-rw-------   1         Dec 28 09:50 authorized_keys

 

[ericmacmini]

Check your /etc/ssh/sshd_config entries, matching:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys

Have you already tried cat /var/log/auth.log ?

If it still not works, increase LogLevel in /etc/ssh/sshd_config and restart sshd.

Good luck

 

[newcdn]

Thank you for the advice.

I've already resolved the issue on my own.

Permissions
-------------
If the user's has the same ID(U:G) as root '0:0' >>0:0 username then no problems. Now if the user only belongs to the group of root then things are different.

The user's home folder cannot have the ownership root:username. When he SSHs into the server he will be denied access to the dir/subdirectories.

To address the problem, ensure the same username is owner and group for the home directory and sub-directories.