Score:0

SSH PubKey authentication is not working on one account

pk flag

I'm setting up a server and I wanted to enable pubkey authentication for two friends of mine. We have separate accounts but there is an account called server which runs a FiveM server and a few cronjobs.

The pubkey authentication is working fine on the user accounts but for some reason it doesn't work on the server account even though the content of ~/.ssh/authorized_keys is the same on all accounts.

This is the /etc/ssh/sshd_config:

Include /etc/ssh/sshd_config.d/*.conf

Port 8593
Protocol 2

MaxAuthTries 3
PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
UsePAM no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PrintMotd no
ClientAliveInterval 1800
PermitTunnel no
PermitRootLogin no

AcceptEnv LANG LC_*

Subsystem       sftp    internal-sftp

Match Group sftp_users
        ChrootDirectory %h
        AuthorizedKeysFile %h/.ssh/authorized_keys
        ForceCommand internal-sftp

Can you please help me out?

bocian85 avatar
cn flag
Check `/var/log/auth.log` for information about the problem. I suspect a permissions problem (the authorized_keys file must have the correct owner and permissions, 0600 preferably, and the .ssh dir has to be 0700); there could also be a typo in the public key. The log should shed some light on the problem and we would know where to look.
bocian85 avatar
cn flag
Also, this account can have a disabled shell - you can check that in the `/etc/passwd` file - thus you would be able to sudo on the account but not ssh into it. Another thing is that the home directory can be somewhere other than in `/home`, but I assume that this is not the problem since you wrote that the file is in `~/.ssh/` - doing `cd ~` on this account would move you to the correct homedir.
pk flag
I checked the `/var/log/auth.log` and I saw this line: `Jun 24 12:06:28 vps sshd[24443]: Authentication refused: bad ownership or modes for directory /home/server`. Then I checked the ownership and modes of `/home/server` and the group had write access to it for whatever reason. I reverted it back to the original modes and now pubkey auth is working. I'm marking it solved. Thank you.
Score:1
pk flag

Checked the /var/log/auth.log:

Jun 24 12:06:28 vps sshd[24443]: Authentication refused: bad ownership or modes for directory /home/server

The /home/server/ had permissions of 775 instead of 755.

Running sudo chmod g-w /home/server solved the issue.
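
The log line above comes from sshd's `StrictModes` check (on by default), which refuses key authentication when the home directory, `~/.ssh` or the `authorized_keys` file is owned by someone other than the user or root, or is writable by group or others. The script below is an added example, not part of the original answer, that applies the same test to those three paths; it assumes GNU `stat`, and the function names `check_path` and `check_strict_modes` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes GNU stat (Linux).
# check_path and check_strict_modes are hypothetical helper names.

# check_path UID PATH: succeed only if PATH is owned by UID or root
# and carries no group/other write bit (mode & 022 == 0).
check_path() {
    want_uid=$1
    path=$2
    info=$(stat -L -c '%u %a' -- "$path" 2>/dev/null) || {
        echo "MISSING   $path"; return 1; }
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $path (uid $owner)"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD MODE  $path ($mode)"; return 1
    fi
    echo "ok        $path ($mode)"
}

# check_strict_modes HOME UID: check every path sshd inspects for the
# default AuthorizedKeysFile location; non-zero if any of them fails.
check_strict_modes() {
    home=$1
    uid=$2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$uid" "$p" || rc=1
    done
    return "$rc"
}

# Constructed demo: a throwaway "home" with the 775 mode from the log above.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -m 700 "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    chmod 775 "$d"
    before=0; check_strict_modes "$d" "$(id -u)" || before=$?
    chmod g-w "$d"
    after=0; check_strict_modes "$d" "$(id -u)" || after=$?
    rm -rf "$d"
    echo "before fix: rc=$before, after fix: rc=$after"
}
demo
```

On a real host the equivalent call for the account in the question is `check_strict_modes /home/server "$(id -u server)"`.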
