I'm configuring a new server I'm setting up, and trying to use key authentication for SSH, but I'm having some sort of issue. I was following the steps from this article:

https://www.linode.com/docs/security/us ... ing-system

I completed all the steps, but when I try to connect afterwards, it just asks for the user and then the password like logging in normally, not the passphrase like the article says should happen. The steps are all pretty straight forward, and I've checked over all the steps several times, but I'm clearly missing something since it's not working. Any ideas what I should check?

Things that come to mind:

1. Check the permissions on your private key (~/.ssh/id_rsa or ~/.ssh/id_dsa) - OpenSSH will refuse to use it if these are incorrect. It should have read/write permissions for the owner only, like so:

$ ls -l ~/.ssh/id_rsa
-rw------- 1 vance vance  951 Aug 24 23:45 id_rsa

2. Use the verbose switch when logging in to produce additional diagnostics. For example:

ssh -vv user@host

I had actually already checked the permissions, and just checked again, but they're already set like you said they should be.

I tried the verbose switch you mentioned, but it listed a fair bit of information and I'm not really sure what I'd be looking for in it. Is there something specific in there I should be looking for?

You also need to check the permissions on the PUBLIC key on the remote server and of the whole directory tree from / to $HOME/.ssh - if any of those directories are world/group writeable then ssh daemon won't use the key. Also if any of those directories are own by anyone other than the user or root then it won't work.

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)

Ok, it was actually the public key I had checked the permissions on, not the private key. And I checked all the directories as well, no write permission for group or world anywhere in those.

On the private key, I'm connecting from Windows using PuTTY, but the permissions Vance listed weren't for Windows (that's why I checked the public key, I saw Linux style permissions and just checked the remote Linux server without realizing the post said private key). The article I was following was specifically for PuTTY and didn't list needing to do anything for the private key other than generating it, saving it, and setting the location for it in PuTTY.