ssh ssh-keygen: Updated Wed, 17 Aug 2022 20:38:16 GMT

SSH key accepted but remote host asks for password

I'm trying to get two server to connect via ssh keys. These two servers had working ssh key authentication before, but one of them failed and was restored from a backup. Since then, the key does not seem to be working. I've tried the following:

Making sure permissions are set correctly
Removing all remote entries of the host and starting over
Generating a new key

When I set this up the first time around, I generated a key with ssh-keygen, and copied it over with ssh-copy-id, and things worked smoothly. Now, even starting over from scratch, that isn't the case.

This is a small, isolated environment, so there was nothing complicated going on - I wasn't using ssh-agent, or a passphrase for the key.

Reading the remote server's log, I can see the key was accepted, yet it still prompts for password. I'm not really sure what has gone wrong and would be grateful for some direction.

Thanks!

Solution

First of all you can use -vvv option to get debugging info from ssh.

ssh -vvv user@host

Secondly most system will accept only few (about 6) tries, so if you have more ssh keys then you should point specific, because wrong keys might used available challenges from ssh server. (It's configurable by MaxAuthTries parameter in /etc/ssh/sshd_config). To point specific key use -i option

ssh -i ~/.ssh/my_key user@host

If you are sure that problem is on server, you should check at least following:

Check ~/.ssh/authorized_keys and ~/.ssh permissions.
If you are using SELinux restorecon on /home and check auditlog with sealert
If it's still not working check sshd logs.

Comments (1)

+1 – Your tips helped my diagnose the issue. Thanks for the help! — Oct 28, 2020 at 10:53

References

https://unix.stackexchange.com/questions/616789