On Sat, Apr 18, 2009 at 10:27:00AM -0400, sean darcy wrote:
> I can ssh for my laptop to the server as a user, but using root from
> same laptop to same server fails. root can login with password.

http://mywiki.wooledge.org/SshKeys

> both cases run ssh-keygen on laptop, copy id_rsa.pub to server, cat
> id_rsa.pub >> authorized_keys, restart sshd on server.

Restarting sshd isn't necessary.

> On client .ssh
> is 700, .ssh/id_rsa is 700.

Client permissions probably don't matter. At least, I've never seen
a case where they do.

> On server .ssh is 700, authorized_keys is
> 644 ( same as user ).
>
> What am I missing??

The REST of the server-side permissions, most likely. Including the
permissions of /root (or whatever ~root is), and any parent directories
thereof.

> On client:
>
> [root@daddy ~]# ssh -vv intel64-office

Snip.

> On server:
[...]
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1:
> temporarily_use_uid: 0/0 (e=0/0)
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: trying public key
> file /root/.ssh/authorized_keys
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: restore_uid: 0/0

I hate this silence in the server-side logging. Compare to what I see
when I successfully login with pubkey auth:

...
debug1: temporarily_use_uid: 563/22 (e=0/3)
debug1: trying public key file /net/home/wooledg/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /net/home/wooledg/.ssh/authorized_keys, line 1
Found matching RSA key: 9d:58:1d:f9:e5:0b:72:33:3a:93:62:e7:1e:f5:bf:df
debug1: restore_uid: 0/3
debug1: ssh_rsa_verify: signature correct
Accepted publickey for wooledg from 127.0.0.1 port 2879 ssh2
...

I would assume the gaping silence in your logs in between "trying
public key file ...authorized_keys" and "restore_uid: 0/0" is a failure
to open the public key file, though I really wish sshd would say WHY
it failed to open the public key file.

In any case, I'm betting the problem is "permissions of some parent
directory of ~/.ssh".

http://mywiki.wooledge.org/SshKeys
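
Added example, not part of the original message: a shell function that walks from an authorized_keys file up through its parent directories and flags any component that is group- or world-writable or not owned by the login user or root, which is the kind of condition sshd's StrictModes check rejects without logging a reason at this debug level. The name check_chain and its arguments are hypothetical; pass an absolute path, and optionally a directory at which to stop walking.

```shell
#!/bin/sh
# Added example (not from the thread). check_chain is a hypothetical helper.
# Usage: check_chain FILE UID [STOP_DIR]
# Walks from FILE up to STOP_DIR (default /) and flags every component that
# is group- or world-writable, or owned by someone other than UID or root.
# Returns 0 if the whole chain is clean, 1 if anything was flagged.
check_chain() {
    path=$1; uid=$2; stop=${3:-/}; bad=0
    while :; do
        # -d: the entry itself, -n: numeric owner. Field 1 = mode, field 3 = uid.
        info=$(ls -ldn -- "$path") || return 2
        problem=$(printf '%s\n' "$info" | awk -v uid="$uid" 'NR == 1 {
            s = ""
            if (substr($1, 6, 1) == "w") s = s " group-writable"
            if (substr($1, 9, 1) == "w") s = s " world-writable"
            if ($3 != 0 && $3 != uid)    s = s " owner-uid=" $3
            print substr(s, 2)
        }')
        if [ -n "$problem" ]; then
            printf 'BAD  %s %s  %s\n' "${info%% *}" "$path" "$problem"
            bad=1
        else
            printf 'ok   %s %s\n' "${info%% *}" "$path"
        fi
        # Stop at the requested directory, at /, or if a relative path bottoms out.
        if [ "$path" = "$stop" ] || [ "$path" = / ] || [ "$path" = . ]; then
            break
        fi
        path=$(dirname -- "$path")
    done
    return "$bad"
}

# Run directly, e.g.:  sh check_chain.sh /root/.ssh/authorized_keys 0
if [ "$#" -ge 2 ]; then check_chain "$@"; fi
```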