Upon rebooting my Ubuntu machine remotely over ssh, I was no longer able to ssh to that machine. It was suggested that this was due to my home directory being encrypted with the authorized_keys locked inside it. So I took the same suggestion verbatim and added AuthorizedKeysFile /etc/ssh/.authorized_keys to my sshd_config.

But then I got Permission denied (publickey) on any ssh attempt including ssh localhost, with "Failed publickey for myusername from 192.168.1.8 port 63398 ssh2" in the /var/log/auth.log. The only way I found to fix this is to comment out the AuthorizedKeysFile setting (and maybe also do sudo service ssh restart). Of course this brings back my original problem with ssh-ing after reboot.

My /etc/ssh/.authorized_keys has permissions 600 just like the original ~/.ssh/authorized_keys. Any ideas what is going wrong?

zkurtz
  • 323
  • Move all the public keys from ~/.ssh/authorized_keys to /etc/ssh/.authorized_keys. The file is most probably owned by root, and 600 means only root has rw access, not you. Make yourself the owner of the file with chown user /etc/ssh/.authorized_keys, and the permission bits should be 600. Keep AuthorizedKeysFile /etc/ssh/.authorized_keys in sshd_config. – heemayl Oct 28 '15 at 01:35
  • @heemayl That works! I use chown so rarely I never would have thought of that. Consider posting your comment as a solution. – zkurtz Oct 28 '15 at 11:27

1 Answer

You have rightly put:

AuthorizedKeysFile    /etc/ssh/.authorized_keys

in /etc/ssh/sshd_config and also correctly moved all the public keys from ~/.ssh/authorized_keys to /etc/ssh/.authorized_keys.

The problem is that /etc/ssh/.authorized_keys is owned by root, and a permission of 600 on the file means that only root can read-write the file, not the user you are logging in as.

To solve the issue, make the user the owner of the file. If the user is foobar, then do:

sudo chown foobar /etc/ssh/.authorized_keys

and keep everything else as it is.

heemayl
  • 91,753
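
The ownership reasoning in the answer above can be checked mechanically. The following is an added example, not code from the answer: the function names `classify_keyfile` and `check_keyfile` are hypothetical, it assumes sshd's default `StrictModes yes` and GNU `stat`, and it inspects only the key file itself, not its parent directories.

```shell
#!/bin/sh
# Added example: would sshd accept and be able to read an AuthorizedKeysFile
# for a given login user? Verdict is printed; exit status is 0 only for "ok".

# classify_keyfile OWNER_UID MODE USER_UID   (MODE is octal, e.g. 600)
classify_keyfile() {
    owner=$1 mode=$((0$2)) uid=$3
    # StrictModes: the file must be owned by the login user or by root ...
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$uid" ]; then
        echo bad-owner; return 1
    fi
    # ... and must not be writable by group or others.
    if [ $((mode & 022)) -ne 0 ]; then
        echo writable-by-others; return 1
    fi
    # sshd opens the file with the login user's privileges, not root's.
    if [ "$uid" -eq 0 ]; then echo ok; return 0; fi
    if [ "$owner" -eq "$uid" ]; then
        if [ $((mode & 0400)) -ne 0 ]; then echo ok; return 0; fi
        echo unreadable; return 1
    fi
    g=$((mode & 040)) o=$((mode & 004))
    if [ "$g" -ne 0 ] && [ "$o" -ne 0 ]; then echo ok; return 0; fi
    if [ "$g" -eq 0 ] && [ "$o" -eq 0 ]; then echo unreadable; return 1; fi
    echo check-group; return 1   # outcome depends on group membership
}

# check_keyfile FILE USER: same verdict for a real file on disk.
check_keyfile() {
    kf_stat=$(stat -c '%u %a' "$1") || return 2
    kf_uid=$(id -u "$2") || return 2
    classify_keyfile "${kf_stat% *}" "${kf_stat#* }" "$kf_uid"
}

# Usage: sh thisfile /etc/ssh/.authorized_keys foobar
if [ "$#" -eq 2 ]; then check_keyfile "$1" "$2"; fi
```

With constructed values, `classify_keyfile 0 600 1000` prints `unreadable` (the state in the question) and `classify_keyfile 1000 600 1000` prints `ok` (the state after the `chown`). A second account checked against the same file, `classify_keyfile 1000 600 1001`, prints `bad-owner`, so a single file owned by one user serves only that user.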