Troubleshooting Public Key Authentication
The Problem: Public key authentication is configured, but client users are unable to connect using public key authentication.
Check the client configuration
- Confirm that there is a private/public key pair on the client and note the name and location of the private key.
- Open the client configuration file. (If the user has a user-specific file, check both the global and user file.)
- Confirm that AllowedAuthentications includes 'publickey'.
- Check the IdentificationFile setting. Note the name and location of the file. (The default is ~/.ssh2/identification.)
- Open the identification file.
- Confirm that this file includes a line that identifies the client's private key. For example:
  IdKey /home/joe/mykey
- Confirm that the key name exactly matches the private key of the key pair. (For example, if your private key has a file extension, this extension needs to be included.)
- If no path is specified, confirm that the keys are located in the Secure Shell user directory (~/.ssh2/).
- Check file and directory permissions. (The second and third bullet items are required if StrictModes is enabled on the client, which is the default.)
  - Is the private key readable only by the owner (600)?
  - Is the identification file configured to allow write access only to the user (600 or 644)?
  - Are the user directory and all parent directories configured to allow write access only to the user (755 or less)?
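The client-side checks above can be scripted. The following is an added example, not part of the original documentation or the vendor's tooling; it assumes the identification file format shown above (`IdKey <name>` lines), and the function names and the optional TOP argument are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: client-side audit of the checklist above (not vendor code).
# Assumes the page's layout: an identification file holding "IdKey <name>" lines.

mode_of() { ls -ld -- "$1" 2>/dev/null | cut -c1-10; }   # e.g. "-rw-------"

# True when neither group nor others can write (600, 644, 755 ...).
owner_write_only() {
    m=$(mode_of "$1")
    [ "$(printf %s "$m" | cut -c6)" = "-" ] && [ "$(printf %s "$m" | cut -c9)" = "-" ]
}

# True when group and others have no access at all (600).
owner_only() { [ "$(mode_of "$1" | cut -c5-10)" = "------" ]; }

# Check DIR and every parent up to TOP (default /). TOP is a convenience
# added here so the walk can be limited, e.g. when testing in a sandbox.
check_parents() {
    d=$1; top=${2:-/}; prc=0
    while :; do
        owner_write_only "$d" || { echo "FAIL: $d missing or writable by group/others"; prc=1; }
        case $d in "$top"|/|.) break ;; esac
        d=$(dirname "$d")
    done
    return $prc
}

# audit_client IDFILE [TOP]: returns 0 only if every check passes.
audit_client() {
    idfile=$1; userdir=$(dirname "$idfile"); rc=0
    owner_write_only "$idfile" || { echo "FAIL: $idfile missing or writable by group/others"; rc=1; }
    check_parents "$userdir" "${2:-/}" || rc=1
    keys=$(awk '$1 == "IdKey" { print $2 }' "$idfile" 2>/dev/null)
    [ -n "$keys" ] || { echo "FAIL: no IdKey line in $idfile"; rc=1; }
    for key in $keys; do
        case $key in /*) ;; *) key=$userdir/$key ;; esac   # no path: user directory
        if [ ! -f "$key" ]; then
            echo "FAIL: IdKey names $key, which does not exist"; rc=1
        elif ! owner_only "$key"; then
            echo "FAIL: $key is accessible to group/others"; rc=1
        fi
    done
    return $rc
}
```

Run it as `audit_client "$HOME/.ssh2/identification"` with an absolute path; each failed check prints one FAIL line and the function returns non-zero.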
Check the server configuration
- Confirm that there's a copy of the user's public key in the user-specific configuration directory on the server. The default location is ~/.ssh2.
- Open the server configuration file.
- Confirm that AllowedAuthentications includes 'publickey'.
- Check the AuthorizationFile setting. Note the name and location of the file. (The default is ~/.ssh2/authorization.)
- Open the authorization file.
- Confirm that this file includes a line that identifies the server's copy of the client's public key. For example:
  Key /home/joe/mykey.pub
- Confirm that the key name exactly matches the public key, including the file extension.
- If no path is specified, confirm that the key is located in the Secure Shell user directory. (The default is ~/.ssh2/. This is configurable on the server with the UserConfigDirectory keyword.)
- Check file and directory permissions. (The second bullet item is required if StrictModes is enabled on the server, which is the default.)
  - Is the authorization file configured to allow write access only to the user (600 or 644)?
  - Are the user directory and all parent directories configured to allow write access only to the user (755 or less)?