TudorRaduta
Community Manager

SSH Troubleshooting: Bad Ownership or Modes

The Case of the Ignored Key

Happy Wednesday! It is time for another "From Problem to Polish" scenario.

We are looking at a common issue related to the learning objective Configure key-based authentication for SSH.

You have generated your SSH keys, copied the public key to the server, and expect passwordless login to work. Instead, the server ignores your key and keeps asking for a password. Something is not right.

The Scenario

You are setting up key-based SSH access for the user devops.

On the server, you manually created the directory /home/devops/.ssh and pasted your public key into the file authorized_keys.

However, when you try to connect, the server still prompts you for a password. To investigate, you run a verbose SSH command:

ssh -v devops@server
    

In the output you see the following message:

debug1: Authentication refused: bad ownership or modes for directory /home/devops/.ssh
    

Your Challenge

The SSH daemon is very strict about file permissions and ownership. A small mistake here is enough to make it ignore your keys completely.

  1. What are the maximum permissive permissions allowed for the .ssh directory so that key-based authentication still works? Please answer in numeric form, for example 755 or 700.
  2. What are the required permissions for the authorized_keys file inside that directory?
  3. Apart from permissions, what ownership problem often causes the same error for SSH key authentication?
  4. The Polish: Post the two commands you would run to fix both the directory and file in one go so that key-based login starts working.

Let us see who knows their strict modes. Share your answers and reasoning in the comments.

1 Reply
Chetan_Tiwary_
Community Manager

Ah, SSH troubleshooting! Also a very popular Linux interview question/scenario:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
chown -R <user>:<user> ~/.ssh
0 Kudos
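
An audit helper for the "bad ownership or modes" error discussed in this thread, as an added example that is not part of either post. It applies the test OpenSSH's StrictModes uses (each path must be owned by the user or root and must not be group- or world-writable) and goes slightly beyond the scenario by also checking the home directory, which sshd tests the same way. The function names are hypothetical and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: reports paths that would fail sshd's StrictModes test.
# Assumes GNU coreutils stat (stat -c). Function names are hypothetical.

# check_path PATH UID: succeed only if PATH is owned by UID or root
# and is not writable by group or others (mode & 022 == 0).
check_path() {
    path=$1 want_uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    owner=$(stat -c '%u' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "OWNER    $path (uid $owner, expected $want_uid or 0)"; return 1
    fi
    # Leading 0 makes the shell read the mode as octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE     $path ($mode is group/world writable)"; return 1
    fi
    echo "OK       $path ($mode, uid $owner)"
}

# audit_ssh HOME UID: check the home directory, .ssh and authorized_keys.
# Returns non-zero if any of the three would be rejected.
audit_ssh() {
    home=$1 uid=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}

# Usage on the server from the scenario:
#   audit_ssh /home/devops "$(id -u devops)"
```

Run it as root or as the account being checked, so that `stat` can read inside a `.ssh` directory that is already mode 700.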