I am on RHEL 6. I have a user Jack which doesn't have shell access but SFTP. With my own user, I have created an RSA key pair with ssh-keygen command for jack (the user). I have created .ssh folder under jack's home directory. Also, I created the authorized-keys file containing the public key under .ssh.
[root@myserver jackhome]# ls -ld .ssh
drwx------ 2 jack jack 4096 Dec 20 11:38 .ssh
[root@myserver jackhome]# ls -l .ssh
-rw------- 1 jack jack 405 Dec 20 11:38 authorized_keys
[root@myserver jackhome]# ls -ld /opt/apps/FTP/jackhome
drwxr-x--- 9 root jack 4096 Dec 20 11:37 /opt/apps/FTP/jackhome
But I cannot SFTP with the private key. But the connection with SFTP password works fine. I have tested the key pair by connecting through SFTP with my own user with the same authorized_keys file and .ssh folder in my home directory; it works just fine.
I am a bit confused. Any ideas?
UPDATE: I have changed the jackhome's owner to jack instead of root and I lost SFTP access even with password:
[root@myserver jackhome]# ls -ld /opt/apps/FTP/jackhome
drwxr-x--- 9 jack jack 4096 Dec 20 11:37 /opt/apps/FTP/jackhome
UPDATE-2: I have the below setting in sshd_config file. And Jack belongs to the sftponly group. Might that be the reason that he is not able to connect with RSA key?
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
/var/log/secure log file for error messages logged when this user attempts to log in. There should be a message describing exactly why sshd is rejecting the authentication. Also, RHEL 6 has SELinux enabled by default: run getenforce to check. If it responds enforcing and a user has their home directory in a non-default location, you may need to manually set appropriate SELinux labels to that user's home directory (user_home_dir_t) and its parent directory (home_root_t).
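The log check described in the answer above, as an added example that is not part of the original answer: a shell function that scans /var/log/secure-style lines for the two ownership/mode rejections sshd logs, and falls back to the SELinux check when neither appears. The log lines and the names sample_log and diagnose_sshd_log are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use: diagnose_sshd_log < /var/log/secure   (as root)

# Constructed sample lines in the format sshd writes to /var/log/secure.
sample_log() {
cat <<'EOF'
Dec 20 11:40:01 myserver sshd[4101]: Authentication refused: bad ownership or modes for file /opt/apps/FTP/jackhome/.ssh/authorized_keys
Dec 20 11:42:10 myserver sshd[4150]: Accepted password for jack from 192.0.2.10 port 50022 ssh2
Dec 20 11:42:10 myserver sshd[4152]: fatal: bad ownership or modes for chroot directory "/opt/apps/FTP/jackhome"
EOF
}

# Reads log lines on stdin and prints one tagged hint per relevant sshd line.
diagnose_sshd_log() {
    awk '
    !/sshd\[/ { next }                      # ignore non-sshd lines
    /bad ownership or modes for chroot directory/ {
        # ChrootDirectory check: runs after authentication, so it also
        # breaks password logins.
        print "CHROOT: chroot path and its parents must be root-owned, not group/other-writable"
        found++; next
    }
    /Authentication refused: bad ownership or modes for/ {
        # StrictModes check on home directory, .ssh or authorized_keys.
        print "STRICTMODES: fix owner/mode of " $NF
        found++; next
    }
    /Accepted publickey for/ { print "OK: public key accepted"; found++ }
    END {
        # Nothing logged by sshd about the key: check SELinux next.
        if (!found)
            print "NONE: no sshd rejection found; run getenforce and check SELinux labels"
    }'
}

sample_log | diagnose_sshd_log
```

With ChrootDirectory %h the home directory has to stay root-owned, so a CHROOT hit points at the directory ownership rather than at the key.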