[SOLVED] PublicKey auth fails (again!)

[jeanjordaan]

Hi all

In [url=https://www.centos.org/modules/newbb/viewtopic.php?topic_id=36106&start=0#forumpost156731]this post[/url] I was struggling with this issue:
Password-based login is working, but PublicKey-based login is failing.

Now my problem is slightly different: key-based login as root works (I can ssh in multiple times), but login as user1 fails.
Password-based login as user1 works (after I do `ssh-add -D` to clear the ssh agent).

When attempting to login verbosely, I see the same key being offered in both cases. In the case of root it's accepted, in the case of user1 it's passed over.

The public key is present in `.ssh/authorized_keys` for both root and user1, and the permissions on the dir and the file are correct. As far as I can tell there's nothing in `sshd_config` to stop user1 from logging in using a public key.

The error being reported is "Disconnecting: Too many authentication failures for user".

Any idea what I'm running into?

[TrevorH]

Is the selinux context correct for the authorized_keys file? Run restorecon -R $user/.ssh to correct it and then try again.

[jeanjordaan]

Hi TrevorH ... thanks for the answer!

That (restorecon) fixed the issue in the referenced post, but in this case it doesn't help.

[TrevorH]

Check /var/log/secure on the server side for more info.

[jeanjordaan]

Found it! My sshd_config had:

AuthorizedKeysFile ~/.ssh/authorized_keys

When I change that to (the default!)

AuthorizedKeysFile .ssh/authorized_keys

I can log in as user2.

[pschaff]

Yet another example of why defaults should be left alone unless there is a good reason to change them. Thanks for reporting back. Marking this thread [SOLVED] for posterity.