SSH daemon refuses log on based on key
Monday, 05 September 2011 20:48

This note applies to OpenSSL version 0.9.x

SSH allows logging on without using a password if you set up a public/private key pair. The public key must be stored in the file ~/.ssh/authorized_keys on the remote system.

The problem I had was that the SSH daemon kept asking for a password. This was solved by setting the permissions on the file ~/.ssh/authorized_keys to read/write for the remote user only. If other users had write permission on that file, they could add their own key to someone else's authorized_keys and log in under that user's account.

Some editors overwrite these permissions when saving the file, so you might have to set them again. The command to set the permissions is:

$ chmod g-rxw,o-rwx,u+rw ~/.ssh/authorized_keys

Something similar might be required for the permissions of the directory ~/.ssh. These should be set to read/write/execute for the user only:

$ chmod g-rxw,o-rwx,u+rxw ~/.ssh
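
To confirm that both paths carry the permissions set above, and to re-check them after an editor has rewritten the file, the following script audits and repairs them. It is an added example, not part of the original note; the function names mode_of, owner_only, audit_ssh_perms and fix_ssh_perms are hypothetical, and it assumes a stat that accepts either the GNU -c or the BSD -f option.

```shell
#!/bin/sh
# Added example: audit the permissions this note sets with chmod.
# All function names here are hypothetical helpers, not part of SSH.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the path has no group/other permission bits, else 1.
owner_only() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Check <home>/.ssh and <home>/.ssh/authorized_keys.
# Prints one line per finding; the exit status is the number of findings.
audit_ssh_perms() {
    home=$1
    findings=0
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            findings=$((findings + 1))
        elif ! owner_only "$p"; then
            echo "TOO-OPEN $p (mode $(mode_of "$p"))"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Apply the two chmod commands from the note to the given home directory.
fix_ssh_perms() {
    chmod g-rxw,o-rwx,u+rw "$1/.ssh/authorized_keys" &&
    chmod g-rxw,o-rwx,u+rxw "$1/.ssh"
}
```

Run audit_ssh_perms "$HOME" on the remote account; a non-zero exit status is the number of paths that still need the chmod commands above, which fix_ssh_perms "$HOME" applies.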