
(Most threads about this issue are either AWS or GitHub related. Mine is neither. It’s a simple Digital Ocean CentOS 8 server.)

My old Macbook connects to my SSH server without any issues, using

ssh -2 -p 5555 -i  /Users/Me/.ssh/id_rsa  [email protected]

(Port number and IP changed for privacy, of course.)

I bought a new Macbook Pro, and have set up the ssh-keygen stuff as usual, then manually moved the id_rsa.pub to the server’s .ssh/authorized_keys. On the server, I did this adding to the authorized keys file using nano while logged in as the root user. So this below is what the .ssh dir looks like on the server, when logged in as the root user:

990971649 -rw-------. 1 root root 2722 Jul  7 07:52 authorized_keys
990971651 -rw-------. 1 root root 3389 Jan 10  2021 id_rsa
990971652 -rw-------. 1 root root  747 Jan 10  2021 id_rsa.pub

But despite adding the id_rsa.pub stuff into the authorized_keys on the server, I get this error:

[email protected]: Permission denied (publickey)

Most threads on this issue have been ‘solved’ by adding some parameter, but my ssh_config settings on the server seem to be fine…and this works from my old Macbook! Below are the server settings–

Protocol 2
Port 5555

LoginGraceTime 60
ClientAliveInterval 120
ClientAliveCountMax 3
MaxSessions  6
AllowUsers root 
PermitEmptyPasswords    no
PasswordAuthentication  no
PermitRootLogin         yes
X11Forwarding           no 
MaxAuthTries            6 
IgnoreRhosts            yes
AllowTcpForwarding      no
AllowAgentForwarding    no
Compression             no 
TCPKeepAlive            no 
UseDNS                  no 
HostbasedAuthentication no
PubkeyAuthentication    yes

AuthenticationMethods   publickey

What else could be going wrong?

2 Answers


  1. sshd_config is the configuration file for the OpenSSH server. ssh_config is the configuration file for the OpenSSH client.
    Make sure not to get them mixed up.

    You need to edit the server config file, not the client config file (ssh_config).

    Add or edit this in your sshd_config:

    PubkeyAuthentication yes
    

    If you don’t wanna log in with passwords, only keys, edit this too:

    But first try to log in with the key, then edit this to no if the server is not on the same location!

    PasswordAuthentication  no
    

    And don’t log in as root, for security!

    PermitRootLogin         no
    

    You can use ssh-copy-id to copy the key to the server:

    ssh-copy-id  -i ~/.ssh/[KEY] -p [PORT] [user]@[IP]
    

    UPDATE:

    Uncomment all these lines in your sshd_config and try to log in with an allowed/existing user only with the password to find out if there are other errors:

    DON’T FORGET TO RESTART THE SSH SERVER EVERY TIME YOU CHANGE SOMETHING IN THE SSH SERVER FILES:

    #LoginGraceTime 60
    #ClientAliveInterval 120
    #ClientAliveCountMax 3
    #MaxSessions  6
    #AllowUsers root 
    #PermitEmptyPasswords    no
    PasswordAuthentication  yes
    #PermitRootLogin         yes
    #X11Forwarding           no 
    #MaxAuthTries            6 
    #IgnoreRhosts            yes
    #AllowTcpForwarding      no
    #AllowAgentForwarding    no
    #Compression             no 
    #TCPKeepAlive            no 
    #UseDNS                  no 
    #HostbasedAuthentication no
    #PubkeyAuthentication    yes
    #AuthenticationMethods   publickey
    
  2. To address the issue of OpenSSH 9.0p1 disabling RSA signatures using the SHA-1 hash algorithm by default, you can follow these steps to modify the ssh_config file:

    sudo vi /etc/ssh/ssh_config
    

    Add the following lines to the bottom of ssh_config:

    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    
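The question describes pasting id_rsa.pub into authorized_keys by hand with nano; the listing shows correct file permissions, so the entry itself is the next thing to verify. The following is an added example, not code from the thread: a checker that confirms each authorized_keys line is a single intact entry whose base64 data matches its declared key type. The function names are hypothetical, and `fake_entry` builds constructed sample entries with filler bytes rather than real keys.

```python
import base64
import re

# Plain (non-certificate) key type names used in authorized_keys.
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
B64_RUN = re.compile(r"^[A-Za-z0-9+/=]{20,}$")

def fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")  # uint32 field length
        if off + 4 + n > len(blob):
            raise ValueError("field runs past end of key data")
        out.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return out

def check_line(line):
    """Return (status, detail) for one authorized_keys line."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return ("skip", "")
    # Options may precede the key type, so locate the type token first.
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None:
        wrapped = B64_RUN.match(tokens[0])
        return ("bad", "continuation of a wrapped key?" if wrapped
                else "no recognised key type")
    try:
        parts = fields(base64.b64decode(tokens[idx + 1], validate=True))
    except (IndexError, ValueError) as exc:  # binascii.Error is a ValueError
        return ("bad", f"key data missing or damaged: {exc}")
    if len(parts) < 2 or parts[0] != tokens[idx].encode():
        return ("bad", "key data does not match the declared type")
    return ("ok", tokens[idx])

def check_authorized_keys(text):
    """Return [(line_number, status, detail)] for every non-comment line."""
    rows = [(n, *check_line(l)) for n, l in enumerate(text.splitlines(), 1)]
    return [r for r in rows if r[1] != "skip"]

def fake_entry(key_type, comment):
    """Constructed sample: correct framing, filler bytes instead of a key."""
    blob = b"".join(len(f).to_bytes(4, "big") + f
                    for f in (key_type.encode(), bytes(range(60))))
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"
```

Run it on the server with `check_authorized_keys(open("/root/.ssh/authorized_keys").read())`; any `bad` row points at the line to re-paste as one unbroken line.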