I have used PublicKey logins on a number of my servers for months without trouble. I generated the keys on my client machine and copied to the server’s ~/.ssh/authorized_keys using ssh-copy-id. All well and good until one machine stopped accepting key-based logins the other day. Obviously there has been a change, but the sshd_config is the same as it was and as the other server.
Running the connection verbosely offers the following:
debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/kapn/.ssh/id_rsa RSA SHA256: <deleted for post> debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/kapn/.ssh/id_dsa <and so on until it asks for a password>
My sshd_config file
Port 2201 PermitRootLogin without-password PubkeyAuthentication yes ChallengeResponseAuthentication no UsePAM yes TCPKeepAlive yes # All else is at default settings. # With the exception of the Port, PubKeyAuthentication and PermitRootLogin settings, # I didn't intentionally change anything here.
Any thoughts on where to look for trouble? Is there data to be gathered other than via the -vv switch on ssh?