25

I have a server, and I want to be able to SSH in with two different users. I have setup public key authentication for the first user, and it works just fine, however, I can't login with the second user. The difference between the authorized_keys file is that, the second user has two keys(both of them fail when authenticating). Both the .ssh directory and the authorized keys file have 755 permissions. The ssh client sends the key, that I want to authenticate with. What could be the problem?

Improve this question
2
  • Please show the commands for the two users and the different keys for the second user you are using to ssh into the server. Commented Oct 22, 2014 at 12:05
  • Glad the above worked in your case. Besides just resetting the password. I'd advice to also have a look if you have pam_tally locking the account. pam_tally2 --user userb --reset This will reset the failed counts on the account and allow you to login. Commented Dec 8, 2016 at 8:01

4 Answers 4

Reset to default
32

First, the .ssh directory should have 700 permissions and the authorized_keys file should have 600.

chmod 700 .ssh
chmod 600 .ssh/authorized_keys

In case you created the files with say root for userB then also do:

chown -R userb:userb .ssh

If the problem still persist, then post the output from your ssh log file in your question and I'll update my answer.

For Debian:

less /var/log/auth

For Redhat:

less /var/log/secure
Improve this answer
2
  • chown -R userb:userb .ssh replace userb with your current user. i did chown -R userb:userb .ssh/authorized_keys just in case too. Really helpful answer!! Commented Jun 23, 2018 at 20:25
  • less /var/log/auth.log shown interesting stuff! Authentication refused: bad ownership or modes for directory /home/pi This was not flagged anywhere in ssh -vvv, bad debug info from SSH it's always a headache. Commented Jun 1, 2021 at 10:02
8

I have found this message in /var/log/auth.log:

Oct 22 13:27:58 hagyma sshd[27420]: User userb not allowed because account is locked

I have set a password for userb with sudo passwd userb, and it unlocked the account.

Improve this answer
2
  • this was the solution for a backup user created as a system account Commented Mar 2, 2018 at 10:45
  • ..and now you have two problems. hope that password is secure. Commented Dec 13, 2018 at 20:37
5

For me, sshd was ignoring ~/.ssh/authorized_keys because /home partition was mounted in an unusual way. I tried everything, I set the correct permisions, and it worked only after modifying in sshd_config:

StrictModes no
Improve this answer
5
  • This was working for me on CentOS 7. root login with public key was working, but not for users on /home Commented Aug 10, 2018 at 13:41
  • I tried adding this to my Synology's config, and it caused sshd to fail to start. Nearly locked myself out of the server. Commented Jun 6, 2020 at 19:32
  • Instead of StrictModes no first try to set permissions 700 to your home folder chmod 700 /home/user Also check this article enter link description here Commented May 29, 2021 at 10:26
  • Sadly this would be the only solution but is not secure enough for my use-case Commented Sep 23, 2022 at 11:34
  • weird thing about ssh config - I found some elements just will not kick on even if you restart the daemon and only a full restart to the main runlevel target (or a reboot) would fix it, I did that and it was golden. Commented Mar 27 at 18:10
3

I had same problem due to SELinux.

Please, configure SELinux properly (restorecon -Rv ~/.ssh) or disable it (on RedHat, you should edit /etc/selinux/config and reboot the machine or just type setenforce 0 to disable SELinux temporarily until next reboot).

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.