Comments on Clayton Cramer.: SSH Key Question
Clayton Cramer
Updated: 2024-03-27T08:40:31.785-06:00

ザイツェヴ (2013-12-11T20:16:53.956-07:00):
Indeed, authorized_keys does not need to have mode 600, 644 is good enough (as mentioned by hga). The problem was only in permissions of ~/.ssh itself.

Joshua Tolley (2013-12-09T20:58:59.760-07:00):
I tend to like using ssh-copy-id (http://linux.die.net/man/1/ssh-copy-id), which takes care of permissions and other stuff for me.

ThatWouldBeTelling (2013-12-09T12:56:59.828-07:00):
Actually, authorized_keys in at least the OpenSSH version Debian squeeze uses doesn't have to be read protected, I've got a number of systems where they're 644 (although I'll bet changing one of those 4s to a 6 would be bad news, that would let others add to your authorized keys and then use their own private keys...).

Presumably that's because they're your *public* keys.

(Perfect Forward Secrecy came in circa 1992 long after I got my grounding in public key cryptosystems and is something I need to learn sooner or later, so I don't know if anything might be gained by trying to keep your public key semi-private, but I suppose it's possible.)

Anyway, I'm glad you're in business, Clayton.

Clayton Cramer (2013-12-09T11:48:57.055-07:00):
Markofafreeman: yes, this solved it! Thanks!

Anonymous (2013-12-09T11:43:58.928-07:00):
It's very likely the permissions on your ~/.ssh directory and/or authorized_keys file on host B. They should be 700 and 600, respectively.

Using 'ssh-copy-id B' would set up everything correctly. But now that you've already created the directory and file, I'm not sure it will be smart enough to correct that. So on server B, do this:

    chmod 700 .ssh
    chmod 600 .ssh/authorized_keys

and that should fix it!

ThatWouldBeTelling (2013-12-09T11:34:17.107-07:00):
Run with -v or -vv to get more detail, to see if an option is even being tried.

One common initial setup problem is that your ~/.ssh or private keys are readable by group or other. OpenSSH believes in protecting you from yourself....

Richard (2013-12-09T11:12:54.964-07:00):
Some distributions use the file authorized_keys2. You can also check the /etc/ssh/sshd_config file to see if it's enabled.