Hi all
In [url=https://www.centos.org/modules/newbb/viewtopic.php?topic_id=36106&start=0#forumpost156731]this post[/url] I was struggling with this issue:
Password-based login is working, but PublicKey-based login is failing.
Now my problem is slightly different: key-based login as root works (I can ssh in multiple times), but login as user1 fails.
Password-based login as user1 works (after I do `ssh-add -D` to clear the ssh agent).
When attempting to login verbosely, I see the same key being offered in both cases. In the case of root it's accepted, in the case of user1 it's passed over.
The public key is present in `.ssh/authorized_keys` for both root and user1, and the permissions on the dir and the file are correct. As far as I can tell there's nothing in `sshd_config` to stop user1 from logging in using a public key.
The error being reported is "Disconnecting: Too many authentication failures for user".
Any idea what I'm running into?
[SOLVED] PublicKey auth fails (again!)
Re: PublicKey auth fails (again!)
Is the selinux context correct for the authorized_keys file? Run restorecon -R $user/.ssh to correct it and then try again.
-
- Posts: 8
- Joined: 2012/03/01 06:11:21
Re: PublicKey auth fails (again!)
Hi TrevorH ... thanks for the answer!
That (restorecon) fixed the issue in the referenced post, but in this case it doesn't help.
That (restorecon) fixed the issue in the referenced post, but in this case it doesn't help.
Re: PublicKey auth fails (again!)
Check /var/log/secure on the server side for more info.
-
- Posts: 8
- Joined: 2012/03/01 06:11:21
Re: PublicKey auth fails (again!)
Found it! My sshd_config had:
AuthorizedKeysFile ~/.ssh/authorized_keys
When I change that to (the default!)
AuthorizedKeysFile .ssh/authorized_keys
I can log in as user2.
AuthorizedKeysFile ~/.ssh/authorized_keys
When I change that to (the default!)
AuthorizedKeysFile .ssh/authorized_keys
I can log in as user2.
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
[SOLVED] PublicKey auth fails (again!)
Yet another example of why defaults should be left alone unless there is a good reason to change them. Thanks for reporting back. Marking this thread [SOLVED] for posterity.