Contents[Show]

1. Situation

Trying to ssh to remote computer but remote computer asks for a password.

A ssh-copy-id has been done and there is a key in the local folder /home/user/.ssh/authorized_keys.

The local .ssh folder is chmod 700 and all files within are chmod 600.

 

2. Resolution alternatives

2.1. Alternative 1

Ssh-copy-id creates the authorized keys files it creates it with the proper permissions, but with the wrong SELinux label.
The fix for this is restoring the labels to their policy defaults using this command:

# restorecon -R ~/.ssh

 

2.2. Alternative 2

2.2.1. Temporary disable selinux

Do this as root on the CLI.

# setenforce 0

 

2.2.2. Permanently disable selinux

Edit /etc/selinux/config. Save and reboot computer to finalize change.

Change the following line

SELINUX=enforcing

to

SELINUX=disabled

 

2.3. Alternative 3

Start a ssh daemon on another port in debug mode, it will tell you immediately why the key is being rejected.

Wild guess; your home directory is group writable.

Firewall on remote computer may have to be temporarily disabled. See How to configure firewalld on CentOS 7 for more info.


On remote computer:

# /usr/sbin/sshd -d -p 2222

 

On local computer:

# ssh -p 2222 user@remotehost

 

Error message on remote computer:

... Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys ...

 

Fix: remove write permission on user's homefolder for group, ie set octal permissions to 750 for folder /home/user.

 

 

 

Source: https://serverfault.com/questions/464411/trying-to-ssh-in-to-remote-computer-but-still-asking-for-password