✓ Solved

SSH login is not using my key

I have a public/private key on my windows computer at c:/Users/myname/.ssh/ id_rsa.pub and id_rsa. I copied the id_rsa.pub to ~/.ssh/authorized_keys using WinSCP and this directory has 600 permissions. /.ssh and the id_rsa.pub have 700 permissions. I can't cd into the authorized_keys directory, I get a permission denied. I am the owner and it has permissions 600.

When I ssh into my Linode, I'm prompted for my password, it does not seem to recognize that I have key. I don't get any errors. I've also tried this by changing the permissions of authorized_keys to 700.

3 Replies

✓ Best Answer

Here's a few things to check.

  1. ~/.ssh permissions should be 700, and you should be the owner. Your primary user group should also be the owner of this directory.
  2. ~/.ssh/authorized_keys permissions should be 600, same ownership as the directory. ~/.ssh/authorized_keys is also a file with all the authorized ssh keys you want to use, not a directory. If you've set it up as a directory, it won't work.
  3. This may not be strictly needed, but /etc/ssh/sshd_config setting AuthorizedKeysFile may need to be .ssh/authorized_keys

If all this doesn't solve the issue, perhaps someone else knows more information and could help you further, checking these things has worked for me in the past, though.

Good luck,

Wow, somehow I had mixed up and thought thought authorized_keys was a directory.

I got this working but I have another problem. On my local machine I have a id_rsa public/private key that doesn't work when I copy the public key to the authorized_keys file. This id_rsa.pub file is 574 characters long. If I make a new key with ssh-keygen -d 4096 and use this, it works (751 characters). But I need my original id_rsa for something else. authorized_keys doesn't seem to work when I rename my new key (the one that works) to id_rsa_1.

I don't think you can rename a key. It is looking for a file named id_rsa

I suggest you forget the id_rsa (private and pub) and create keys using id_ed25519 and id_ed25519.pub (same way you created the _rsa keys.)

Then upload the pub key to your remote site. (No need to delete the old rsa keys)

The new ed25519 key algorithm is more secure than the old rsa key. It is also much shorter and thus, much faster to authenticate. I use ed25519 to get from my local iMac to all my servers… and from server to server (to upload/download files from each other via bash scripts.)



Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct