SSH Server Refused Our Key

Posted on Edited on In 评论: Views:

After I changed the HOME folder to another place, I copied the ssh config folder from old HOME to the new place. Supposedly it should directly work, right? However, when I login the server with my private key, the server said: "Server Refused Our Key"...

I spent some time to figure out the problem: new HOME folder access mode issue, it SHOULD NOT have write access for group.

Firstly, I think the server sshd uses wrong config: OLDHOME/.ssh/. However, NEWHOME/.ssh/ contains same files, either one should work.

Check the server error log: 

~$: tail /var/log/auth.log
...
Mar 28 17:08:43 DEAN sshd[40801]: Authentication refused: bad ownership or modes for directory NEWHOME

The message clearly points out the issue, then I google this message and found that, by default, ssh StrictModes option is on, and it requires the HOME folder not have group write access. Besides, the .ssh/ foler should be 700, the authorized_keys file should be 600:

chmod g-w /home/user/
chmod 700 /home/user/.ssh/
chmod 600 /home/user/.ssh/authorized_keys

Or you can switch StrictModes off, but highly not recommended to do so. Because the StrictModes prevents other users modify your .ssh/ to illegally login.

Finally the login success message appears: 

Using username "X".
Authenticating with public key "rsa-key"
Welcome to Ubuntu 18.04.3 LTS

Reference

# SSH Authentication Refused: Bad Ownership or Modes for Directory