Differences

This shows you the differences between two versions of the page.

--- docs:ssh:public_key_authentication [2009/10/03 19:50] – created billh
+++ docs:ssh:public_key_authentication [2014/06/03 11:43] (current) – billh
@@ Line 1: / Line 1: @@
 ===== public key authentication =====
+:!: UPDATE - using ssh-copy-id is easier.  See this page: http://serverfault.com/questions/241588/how-to-automate-ssh-login-with-password
 You know you can connect to a host with ssh by typing a password when requested.  However it is usually easier, especially for a scripted environment, to run ssh without having to type the password.  This also keeps the user password safe.
@@ Line 7: / Line 10: @@
   - this creates a private key ~/.ssh/id_rsa, and a public key ~/.ssh/id_rsa.pub
   - the single line inside the public key file needs copied to a file on the ssh server host at ~/.ssh/authorized_keys
+===== Troubleshooting =====
+If you still get a password prompt, try to correct these items:
+  * Your home directory ~ and your ~/.ssh directory on the remote machine must be writable only by you: %%rwx------%% and %%rwxr-xr-x%% are fine, but %%rwxrwx---%% is no good, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).
+  * Your private key file (on the local machine) must be readable and writable only by you: %%rw-------%%, i.e. 600.
+  * Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you'll need it to be also writable (600) if you will add any more keys to it.  I had to make this writable only by root (644) to correct a password prompt issue recently.
 ===== Notes =====