If ssh private/public keypair authentication is failing, check the logs on the server side for permission errors. On Debian/Ubuntu check for these errors in “/var/log/auth.log”.
# error if authorized_keys file has too wide a permission for others Authentication refused: bad ownership or modes for file /home/myuser/.ssh/authorized_keys # error if .ssh directory has too wide a permission for others Authentication refused: bad ownership or modes for directory /home/myuser/.ssh # error if HOME directory has too wide a permission for others Authentication refused: bad ownership or modes for directory /home/myuser
The file/directory permissions can be fixed on the server side by removing write permission from “others”, here are commands that make that even more strict by removing write from “group” as well.
chmod go-w /home/user chmod 700 /home/user/.ssh chmod 600 /home/user/.ssh/authorized_keys
Additional troubleshooting steps
The steps above should clear up the “bad ownership or modes” errors, if you continue to have issues with public/private keypair ssh login read my article on checking if the private key on the client side and public key on the server side are truly a match.
You should also use the verbose flag on the ssh client side to check for HostKeyAlgorithm and KexAlgorithms as described in another one of my articles.
REFERENCES