less than 1 minute read

I ran into a subtle problem yesterday that I feel is worth sharing. I was setting up SSH public keys so one box could ssh to another without a password prompt. (See OpenSSH Public Key Authentication for more info.) It was all set up correctly. The client had an id_rsa and id_rsa.pub, and the server had the id_rsa.pub in the authorized_keys file.

It just didn’t work, however, and I spent quite some time trying to figure it out. Turning on verbose output on the client didn’t help much, and I didn’t have the necessary access on the server to see logs.

Finally, I stumbled upon the solution listed at the OpenSSH FAQ. Apparently, if the authorized_keys file has permissions for users other than the owner, the authentication will fail. It is common for programs to fail because of too few permissions. But this is the first time I’ve seen a program fail because a file had too many permissions. Once I removed the extra access (chmod 600), everything worked fine.