Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

Passwordless SSH still asks for password

Setting up a passwordless SSH connection is great, it helps you automate tasks that require connections to different servers by removing the need to enter passwords. You generate a private and public keypair on the source server then copy the public to the target server and connect away.

Things don’t often go as intended or planned. A test server recently refused to let connections in via this method. To troubleshoot we launched SSH in debugging mode to see what the issue was.

Start SSH in debugging mode by stopping SSH first. This has to be done on the target server:

service sshd stop

Now start SSH in debugging mode by issuing the following at the terminal:

/usr/sbin/sshd -d

Leave this window open and attempt to connect to this server from the source server. Go back to the target server window and look at the data. The error is usually close to the bottom and for us it was the following:

debug1: trying public key file /root/.ssh/authorized_keys
Authentication refused: bad ownership or modes for the directory /root

For us, it turns out the owner of the /root directory was not root itself. This a new server and we don’t know how that could’ve happened. To fix this we simply ran:

chown root:root /root

The usual culprits are incorrect permissions on either /root/.ssh or /root/.ssh/authorized_keys. Issue the following to fix this:

chmod -R 0700 /root/.ssh
chmod -R 0755 /root/.ssh

That’s it!