问题
Keys are properly deployed in ~/.ssh/authorized_keys
Yet ssh keeps on prompting for a password.
回答1:
Several issues, mostly privileges - but also related to SELinux on RedHat 6
The following script should fix them all, please replace <user>:<group> with your matching userid and group
chown -R <user>:<group> ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
restorecon -R -v ~/.ssh
回答2:
I'd agree with the changes above working on most linux variants in the root account. I have had a problem with RedHat 6.3 with trying to get a postgres user account to use DSA auth. (6.3 running in VirtualBox)
The issue can be that the basic selinux permissions are wrong. Restorecon wont help in this case.
(After restorecon)
drwx------. postgres postgres unconfined_u:object_r:var_lib_t:s0 .ssh
I have fixed this with :
chcon -R -t ssh_home_t .ssh
This resolved this instance of the problem.
回答3:
I had also this same issue, the proposed solution above did not solve the case for me. To summarise instructions abowe together:
- Check following logfile on target system for possible details of errors: /var/log/secure
- Permission of files in users ~/.ssh directory should be 600 and files should be owned By "user:group"
- Permission of ~/.ssh directory should be 700 and owned By "user:group"
- Permission of home directory of user ie. "~" (="~/.ssh/..") should be 755. If permissions are f.ex 775, ssh key autenthication failed in my system.
br bruno
回答4:
The above answer is quite good, I have an addition & a suggestion. The addition is in line 2 below, as home directory permissions not be more permissive than rwxr-x--- for ssh key authentication.
cd ~
chmod g-w,o-rwx .
chmod 700 .ssh
cd .ssh
chmod 600 *
chmod 644 authorized_keys
chmod 644 known_hosts
chmod 644 config
restorecon -R -v ../.ssh
The suggestion is to make use of the -vv option when testing.
来源:https://stackoverflow.com/questions/9741574/redhat-6-oracle-linux-6-is-not-allowing-key-authentication-via-ssh