A new SFTP connection was not working, even though everything looked fine:
1. Permissions were correct on directories:
chmod go-w $HOME/
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/id_rsa
chmod 644 $HOME/.ssh/id_rsa.pub
chmod 644 $HOME/.ssh/known_hosts
2. Keys were correctly placed
However, it still asked for a password whenever an SFTP connection was made:
Using username "sftpuser".
Authenticating with public key "rsa-key-20150214"
Server refused public-key signature despite accepting key!
Using keyboard-interactive authentication.
Password:
I tried various things, but none worked, and I eventually went back to my notes for SFTP troubleshooting:
1. Correct Permissions
chmod go-w $HOME/
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/id_rsa
chmod 644 $HOME/.ssh/id_rsa.pub
chmod 644 $HOME/.ssh/known_hosts
2. Make sure the owner:group on the directories and files is correct:
ls -ld $HOME/
ls -ld $HOME/.ssh
ls -ltr $HOME/.ssh
3. Log in as root and set the owner:group:
chown user:group $HOME
chown user:group $HOME/.ssh
chown user:group $HOME/.ssh/authorized_keys
chown user:group $HOME/.ssh/id_rsa
chown user:group $HOME/.ssh/id_rsa.pub
chown user:group $HOME/.ssh/known_hosts
4. Check for user entries in /etc/passwd and /etc/shadow
5. grep user /etc/shadow
When I did the 5th step, I found that the /etc/shadow entry for the user didn't exist. So I did these steps:
chmod 600 /etc/shadow
vi /etc/shadow
Insert this new line at the end
sftpuser:UP:::::::
Save File
chmod 400 /etc/shadow
It started working after that.
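The condition found in step 5, an account present in /etc/passwd with no line in /etc/shadow, can be checked for every account at once. The script below is an added example, not part of the original post; the function names and the sample passwd/shadow contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): find accounts that are listed in
# a passwd file but have no line in the shadow file.

# has_shadow_entry USER SHADOW_FILE -> exit 0 if USER has a line, 1 if not.
has_shadow_entry() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# missing_shadow_entries PASSWD_FILE SHADOW_FILE
# Prints each account name present in PASSWD_FILE but absent from SHADOW_FILE.
# Returns 2 if either file cannot be read (shadow normally requires root), so
# an unreadable file is never mistaken for "every account is missing".
missing_shadow_entries() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read $1 or $2" >&2; return 2; }
    awk -F: -v shadow="$2" '
        BEGIN {
            # Load shadow names first; getline copes with an empty file.
            while ((getline line < shadow) > 0) {
                split(line, f, ":")
                if (f[1] != "") seen[f[1]] = 1
            }
        }
        /^#/ || $1 == "" { next }      # skip comments and blank lines
        !($1 in seen)    { print $1 }
    ' "$1"
}

# Constructed sample data: sftpuser is in passwd but not in shadow.
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/:/usr/sbin/nologin
sftpuser:x:1001:1001:SFTP account:/home/sftpuser:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:*:::::::
daemon:*:::::::
EOF
}

tmp=$(mktemp -d)
write_sample_files "$tmp"
missing_shadow_entries "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system, call missing_shadow_entries /etc/passwd /etc/shadow as root; any name it prints is an account in the same state as sftpuser was here.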