Hello list, on a CentOS 6.4 machine I'm creating accounts with empty passwords. Each user's public key is located in <user's home>/.ssh/authorized_keys. When trying to ssh into that machine, following error message is displayed: Permission denied (publickey). In /etc/ssh/sshd_config I've set: PasswordAuthentication no UsePAM no If I set a password for the users, the public key auth works without any problems. Could anyone tell me what I'm missing here? Thanks Michael
This error is when you ssh in (with PuTTY, for example) without attaching the private key. -------- Original Message -------- Subject: [CentOS] SSH login from user with empty password From: Michael Schultz <m.schultz at srz.de> Date: Thu, October 10, 2013 3:44 pm To: centos at centos.org Hello list, on a CentOS 6.4 machine I'm creating accounts with empty passwords. Each user's public key is located in <user's home>/.ssh/authorized_keys. When trying to ssh into that machine, following error message is displayed: Permission denied (publickey). In /etc/ssh/sshd_config I've set: PasswordAuthentication no UsePAM no If I set a password for the users, the public key auth works without any problems. Could anyone tell me what I'm missing here? Thanks Michael _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
On Thu, 10 Oct 2013 15:44:36 +0200 Michael Schultz wrote:> UsePAM noI've never been completely clear on what UsePAM yes versus UsePam no actually does, other than that setting it to no seems to make things a lot more complicated. Perhaps you could try setting it to yes and see if that solves the problem? -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
On 10 Oct 2013 14:45, "Michael Schultz" <m.schultz at srz.de> wrote:> on a CentOS 6.4 machine I'm creating accounts with empty passwords. Each > user's public key is located in <user's home>/.ssh/authorized_keys. > > When trying to ssh into that machine, following error message isdisplayed:> Permission denied (publickey). >Check /var/log/secure on the server for more details... Check the permissions on the file and .ssh directory... Needs to be owned by the user and 600 on the file... This is a very common issue... Also check context on the file and folder if selinux is enabled.
Hello, check permissions on <user's home>/.ssh/authorized_keys. i guess issue related to permissions but i can be wrong On 10.10.2013, at 15:44, Michael Schultz <m.schultz at srz.de> wrote:> Hello list, > > on a CentOS 6.4 machine I'm creating accounts with empty passwords. Each > user's public key is located in <user's home>/.ssh/authorized_keys. > > When trying to ssh into that machine, following error message is displayed: > Permission denied (publickey). > > In /etc/ssh/sshd_config I've set: > PasswordAuthentication no > UsePAM no > > If I set a password for the users, the public key auth works without any > problems. > > Could anyone tell me what I'm missing here? > > > Thanks > Michael > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos
----- Original Message -----> From: "Michael Schultz" <m.schultz at srz.de> > To: centos at centos.org > Sent: Thursday, October 10, 2013 6:44:36 AM > Subject: [CentOS] SSH login from user with empty password > > Hello list, > > on a CentOS 6.4 machine I'm creating accounts with empty passwords. > Each > user's public key is located in <user's home>/.ssh/authorized_keys. > > When trying to ssh into that machine, following error message is > displayed: > Permission denied (publickey). > > In /etc/ssh/sshd_config I've set: > PasswordAuthentication no > UsePAM no > > If I set a password for the users, the public key auth works without > any > problems. > > Could anyone tell me what I'm missing here? > > > Thanks > MichaelSSH by default will use a key pair if found but then drops back to login password. It will also fall back to password if the keypair has a passphrase and you just hit retrun without type it in. SSH won't allow you to connect because the password in the shadow file is blank. Basically if you don't have a password it should not allow you to login regardless. From a security standpoint it makes sense to never allow blank passwords. Just give the account a long 25 character random password and then setup SSH key pairs. David.