RedHat 6/Oracle Linux 6 is not allowing key authentication via ssh

Question

Keys are properly deployed in ~/.ssh/authorized_keys

Yet ssh keeps on prompting for a password.

Answer 1

Several issues, mostly privileges - but also related to SELinux on RedHat 6

The following script should fix them all, please replace <user>:<group> with your matching userid and group

chown -R <user>:<group> ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
restorecon -R -v ~/.ssh

Answer 2

I'd agree with the changes above working on most linux variants in the root account. I have had a problem with RedHat 6.3 with trying to get a postgres user account to use DSA auth. (6.3 running in VirtualBox)

The issue can be that the basic selinux permissions are wrong. Restorecon wont help in this case.

(After restorecon)
drwx------. postgres postgres unconfined_u:object_r:var_lib_t:s0 .ssh

I have fixed this with :

chcon -R -t ssh_home_t .ssh

This resolved this instance of the problem.

Answer 3

I had also this same issue, the proposed solution above did not solve the case for me. To summarise instructions abowe together:

1. Check following logfile on target system for possible details of errors: /var/log/secure
2. Permission of files in users ~/.ssh directory should be 600 and files should be owned By "user:group"
3. Permission of ~/.ssh directory should be 700 and owned By "user:group"
4. Permission of home directory of user ie. "~" (="~/.ssh/..") should be 755. If permissions are f.ex 775, ssh key autenthication failed in my system.

br bruno

Answer 4

The above answer is quite good, I have an addition & a suggestion. The addition is in line 2 below, as home directory permissions not be more permissive than rwxr-x--- for ssh key authentication.

cd ~
chmod g-w,o-rwx .
chmod 700 .ssh
cd .ssh
chmod 600 *
chmod 644 authorized_keys
chmod 644 known_hosts
chmod 644 config
restorecon -R -v ../.ssh

The suggestion is to make use of the -vv option when testing.