1. Problem
When setting ssh password-free login, I found that some machines were logging in normally, and some machines showed an error message: public-key authentication with the server for user gzsun failed. Please verify username and public/private key pair.
2. Solve
2.1 View ssh log, debug
Locally, use the ssh client to log in.
# ssh root@xxxx -p 2222 -v
On the ssh server, check the log.
# more /var/log/secure
Among them, it shows that the user's .ssh folder and the user's home directory /home/jack have no permissions.
Authentication refused: bad ownership or modes for directory /home/jack/.ssh
Authentication refused: bad ownership or modes for directory /home/jack/.ssh
Authentication refused: bad ownership or modes for directory /home/jack/.ssh
error: Received disconnect from 36.111.140.26 port 59536:14: Unable to authenticate using any of the configured authentication methods. [preauth]
Authentication refused: bad ownership or modes for directory /home/jack
Authentication refused: bad ownership or modes for directory /home/jack
Authentication refused: bad ownership or modes for directory /home/jack
error: Received disconnect from 36.111.140.26 port 62668:14: Unable to authenticate using any of the configured authentication methods. [preauth]
Because the /home/jack/.ssh directory is only for the owner user to read, write and execute, other users are not allowed, which leads to the
failure of /home/jack/.ssh/authorized_keys to be read, which leads to the failure of ssh authentication .
2.2 Solution
The solution is very simple, check the relevant directory permissions, and set permissions as required for those that do not meet the requirements.
# chmod 700 /home/jack/
# chmod 700 /home/jack/.ssh
# chmod 600 /home/jack/.ssh/authorized_keys
# chown -R jack:jack /home/jack
Note: Regardless of the tool, debug must read the documentation.
3. Reference articles
https://wiki.centos.org/HowTos/Network/SecuringSSH