I noticed that authorized keys had the group-write-bits set to 6. I fixed it: chmod 644 ~dan/.ssh/authorized_keys Now I can authenticate via public-key. Yay! Thanks Stephen On 5/9/14, Stephen Harris <lists at spuddy.org> wrote: > On Fri, May 09, 2014 at 03:42:52PM -0700, Greg Bailey wrote: >> I think you're missing: >> >> chmod 600 ~dan/.ssh/authorized_keys >> >> Without it, sshd won't use the authorized_keys file if it's readable by >> other users. (I think that's related to "StrictMode"; consult sshd man >> page) > > No. Public keys are public and are happy to be readable. > > What can _not_ be allowed is group/world writeable... ANYWHERE in the > path. > > eg if ~dan is /home then > / must be owned by root and permission 755 > /home must be owned by root and permission 755 > /home/dan must be owned by dan and not be group/world writeable > /home/dan/.ssh must be owned by dan and not be group/world writeable > /home/dan/.ssh/authorized_keys must be owned by dan and > not be group/world writeable > > Also permissions of /etc /etc/ssh /etc/ssh/sshd_config and so on. > > -- > > rgds > Stephen > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >