I have been using RSA public key authentication to connect from a CentOS 6 server to a CentOS 5 server and it's worked fine. I built a CentOS 7 server to replace the CentOS 5 server but can't get PublicKey Authentication to work. I have checked permissions on my home directory, .ssh and the keys, regenerated the key several times (ssh-keygen -t rsa), tried a different user, and compared the sshd_config files (which are different because of the versions, but not in a way that I think would cause this). But still no go. Running the sshd server (on CentOS 7) in debug mode (/usr/sbin/ssh -d) shows this at the end:
debug1: matching key found: file /home/bobdog/.ssh/authorized_keys, line 1 RSA SHA256:CvNAblahblablah-long-string-of-charsPO3Y
debug1: restore_uid:0/0
Postponed publickey for cyoho from xxx.xxx.xxx.xxx port 37888 ssh2 [preauth]
debug1: userauth-request for user bobdog service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/bobdog/.ssh/authorized_keys
debug1: fd 4 clearing 0_NONBLOCK
debug1: matching key found: file /home/bobdog/.ssh/authorized_keys, line 1 RSA SHA256:CvNAblahblablah-long-string-of-charsPO3Y
debug1: restore_uid:0/0
key_verify: incorrect signature
Failed publickey for bobdog from xxx.xxx.xxx.xxx port 3788 ssh2: RSA SHA256:CvNAblahblablah-long-string-of-charsPO3Y
Connection closed by xxx.xxx.xxx.xxx port 3788 [preauth]
debug1: do_cleanup
Running the connection in verbose mode (ssh -v bobdog@CentOS7Host.umpublishing.org) shows the following:
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bobdog/.ssh/identity
debug1: Offering public key: /home/bobdog/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authications that can continue: publickey, gssapi-keyex, gssapi-with-mic, password
debug1: Trying private key: /home/bobdog/.ssh/id_dsa
debug1: Trying private key: /home/bobdog/.ssh/id_ecdsa
debug1: Next authentication method: password
bobdog@CentOS7Host's password:
At this point I can login via the password.
What am I missing?
PublicKey Authentication not working between CentOS 6 and 7 servers
Attachments:
- sshd_config_CentOS7server.txt (3.86 KiB) Downloaded 68 times
- sshd_config_CentOS6server.txt (3.82 KiB) Downloaded 63 times
Re: PublicKey Authentication not working between CentOS 6 and 7 servers
CentOS 7.4 includes a much newer openssh package and the openssh developers have removed a bunch of ciphers and protocols that they consider to be broken and unsafe. It's possible that a key that was generated on CentOS 5 using the defaults may now not be usable. Perhaps try generating a new key on CentOS 7 and using that instead.
Also try restorecon -RFv /home/$USER/.ssh and see if the SELinux contexts were correct (that will fix them and tell you what changed).
Also ssh is very picky about permissions, but errors will be logged to /var/log/secure on the server you're trying to connect to, so it's worth looking there. I'd also double-check that the copy of your authorized_keys file on the el7 machine is correct, as "incorrect signature" could be down to corruption.
Permissions should look like this
Code:
[root@centos7 ~]# namei -mo /home/trevor/.ssh/authorized_keys
f: /home/trevor/.ssh/authorized_keys
dr-xr-xr-x root root /
drwxr-xr-x root root home
drwx------ trevor trevor trevor
drwx------ trevor trevor .ssh
-rw------- trevor trevor authorized_keys
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
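One way to run the authorized_keys check suggested in the reply above, as an added example that is not part of the original thread: it parses an authorized_keys line, rejects truncated or mismatched key data, and returns the fingerprint in the same "SHA256:" form that sshd prints in its debug log, so the two can be compared. The sample key is constructed filler, not a usable key, and the function names are this example's own; it assumes lines without a leading options field.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def read_fields(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields; raise if malformed."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of blob (line cut or wrapped?)")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields


def check_line(line: str) -> str:
    """Validate one authorized_keys line and return its SHA256 fingerprint."""
    parts = line.split(None, 2)  # assumption: "<type> <base64> [comment]", no options
    if len(parts) < 2:
        raise ValueError("expected '<key type> <base64 key data>'")
    declared, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad base64
    fields = read_fields(blob)
    if not fields or fields[0].decode("ascii", "replace") != declared:
        raise ValueError("key type inside blob does not match declared type")
    if declared == "ssh-rsa" and len(fields) != 3:
        raise ValueError("ssh-rsa blob must hold type, exponent, modulus")
    # sshd logs the unpadded base64 of SHA-256 over the raw key blob.
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed sample (NOT a usable key): type, e=65537, filler 2048-bit modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 256))
GOOD_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " bobdog@centos6"
BAD_LINE = GOOD_LINE[:200]  # simulates a line cut short during copy/paste

if __name__ == "__main__":
    print(check_line(GOOD_LINE))
```

Run `check_line` over each line of the copy on the server and on the source machine's `id_rsa.pub`; the fingerprints should be identical and should match the one in the sshd debug output.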