6

I'm trying to set up an SSH server. I put my public key in the authorized_keys file, made sure the permissions were correct, etc.

When I restart the server (really just Ubuntu 12.04 desktop) and I ssh to it without first logging in on the server, I am asked for a password. If, however, I log into the server, I can ssh without being asked for a password.

auth.log has these lines when I have not logged in on the actual server:

mordor sshd[1605]: debug1: trying public key file /home/buck/.ssh/authorized_keys
mordor sshd[1605]: debug1: Could not open authorized keys '/home/buck/.ssh/authorized_keys': No such file or directory
thomasrutter
  • 36,774
buck
  • 163
  • Could it be that /home or /home/buck is not mounted before the first user log in? Could you paste the output of df? – krlmlr Jun 06 '12 at 00:55
  • 5
    Are you using encrypted home directories? – sarnold Jun 06 '12 at 00:55
  • 1
    this belongs on ubuntu. –  Jun 06 '12 at 00:58
  • @sarnold yes, that was the issue – buck Jun 06 '12 at 01:25
  • @DanielA.White I'll keep that in mind for next time. I wasn't familiar with the different SE sites. – buck Jun 06 '12 at 01:26
  • @buck: that's part of the problem with the different SE sites -- this could go here (well, I won't bother voting to close..) or [su] or [sf] or [ubuntu.se] or [linux.se]... – sarnold Jun 06 '12 at 01:51
  • Because this turned out to be an issue with encrypted-home, that's what made it an Ubuntu question. But the submitter shouldn't sweat it that he didn't know it was Ubuntu-specific, since he wasn't to know what was the cause. And it's easy enough for a moderator to move it later :) – thomasrutter Jun 06 '12 at 06:03

1 Answer

7

The problem usually arises if your home directory is encrypted. The usual solution is to put your keys in a directory other than your home directory, and point your sshd_config file to it.

For example:

  1. Move your authorized_keys file on the server from /home/buck/.ssh/authorized_keys to something like /etc/ssh/keys/buck/authorized_keys
  2. Set the permissions on this folder and the keys file: sudo chown -R buck:buck /etc/ssh/keys/buck/ and chmod 700 /etc/ssh/keys/buck/ and chmod 600 /etc/ssh/keys/buck/authorized_keys
  3. Edit /etc/ssh/sshd_config and change the line AuthorizedKeysFile %h/.ssh/authorized_keys to AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys
  4. sudo service ssh restart and you should be able to log in without having to log in to the server first.
ptjetty
  • 103
  • 2
jeshurun
  • 848
  • awesome, thank you! The only error I ran into was that it should be %u instead of %h in the sshd_config line (to substitute username instead of home directory). – buck Jun 06 '12 at 01:28
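
The four steps from the answer as a script, with a check to run before the restart. This is an added example, not part of the original answer; the function names, the ROOT prefix and OWNER arguments, and the sample key and config are assumptions made so the steps can be rehearsed on a scratch tree first.

```shell
#!/bin/sh
# Added example, not from the original answer. ROOT (a path prefix) and OWNER
# are assumptions of this sketch so the steps can be rehearsed on a scratch
# tree; on the real server run as root with ROOT empty.

# Steps 1-2: move_keys USER [ROOT] [OWNER]
move_keys() {
    user=$1; root=${2:-}; owner=${3:-$user:$user}
    src="$root/home/$user/.ssh/authorized_keys"
    dst="$root/etc/ssh/keys/$user"
    [ -f "$src" ] || { echo "no $src (home not mounted?)" >&2; return 1; }
    mkdir -p "$dst" && mv "$src" "$dst/authorized_keys" &&
        chown -R "$owner" "$dst" &&
        chmod 700 "$dst" && chmod 600 "$dst/authorized_keys"
}

# Step 3: point_sshd_config [ROOT]; keeps a .bak copy of the old config.
point_sshd_config() {
    cfg="${1:-}/etc/ssh/sshd_config"
    new='AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys'
    pat='^[[:space:]]*#?[[:space:]]*AuthorizedKeysFile[[:space:]]'
    cp -p "$cfg" "$cfg.bak" || return 1
    if grep -Eq "$pat" "$cfg.bak"; then
        # Rewrite the existing (possibly commented-out) directive in place.
        sed -E "s|$pat.*|$new|" "$cfg.bak" > "$cfg"
    else
        # sshd takes the first value it sees, so add it at the top,
        # ahead of any Match block.
        { echo "$new"; cat "$cfg.bak"; } > "$cfg"
    fi
}

# Check before step 4: keys_ready USER [ROOT]
keys_ready() {
    d="${2:-}/etc/ssh/keys/$1"
    [ "$(stat -c %a "$d")" = 700 ] &&
        [ "$(stat -c %a "$d/authorized_keys")" = 600 ] &&
        grep -q '^AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys$' \
            "${2:-}/etc/ssh/sshd_config"
}

# Rehearsal on constructed files in a temp dir; prints the scratch root.
rehearse() {
    t=$(mktemp -d) && mkdir -p "$t/home/buck/.ssh" "$t/etc/ssh" &&
        echo 'ssh-rsa AAAA...constructed buck@laptop' > "$t/home/buck/.ssh/authorized_keys" &&
        printf 'Port 22\n#AuthorizedKeysFile\t%%h/.ssh/authorized_keys\n' > "$t/etc/ssh/sshd_config" &&
        move_keys buck "$t" "$(id -u):$(id -g)" && point_sshd_config "$t" &&
        keys_ready buck "$t" && echo "$t"
}
```

On the real server, run the three functions as root with ROOT left empty, then validate the edited config with sshd -t before sudo service ssh restart, keeping an existing session open until a fresh key login succeeds.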