ssh still asking for password after ssh-copy-id

Question

[root@spectrumscale ~]# chmod 700 .ssh
[root@spectrumscale ~]# cd .ssh
[root@spectrumscale .ssh]# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
05:63:ff:2a:82:fc:c9:31:87:fc:a1:61:dc:4e:5a:52 root@spectrumscale
The key's randomart image is:
+--[ RSA 2048]----+
|        +        |
|       . +       |
|          o      |
|         . .     |
|        E   .    |
|   . + +   .     |
|    o @ B .      |
|     + / o       |
|      * o        |
+-----------------+
[root@spectrumscale .ssh]#  ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.215
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.215's password: 
Permission denied, please try again.
root@192.168.1.215's password: 

Number of key(s) added: 1

Now try logging into the machine, with: ssh 'root@192.168.1.215'"and check to make sure that only the key(s) you wanted were added.

[root@spectrumscale .ssh]# ssh 192.168.1.215
root@192.168.1.215's password: 
Last failed login: Tue Nov 12 17:47:37 IST 2019 from 192.168.1.203 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Tue Nov 12 14:44:01 2019 from localhost

Answer 1

Not directly related to the situation in question, but in my case, forceing ssh-copy-id using -f option (on Windows) to copy the content of a .pub file with BOM resulted in ~/.ssh/authorized_keys not being read correctly and ssh requiring a password. The solution in this case is to remove unnecessary characters by nano ~/.ssh/authorized_keys, etc.

Answer 2

If you have verified all your permissions are correct, but are still being prompted for a password, make sure to add the below line to the file /etc/ssh/sshd_config on the system you want to login to without a password. This will allow the SSH daemon to accept ssh-rsa key types

pubkeyacceptedkeytypes ssh-rsa

After doing this, simply run the command service sshd restart and passwordless login should work now

Answer 3

You have to diagnose the root cause for this issue. You can find this by reading logs related sshd using journalctl command on the system you want to login.

Reading logs :

journalctl -t sshd

If the log shows some thing similar to Authentication refused: bad ownership or modes for directory, this is due to bad ownership or modes for directory /home/<your_user>/.ssh.

fixing permissions by

chmod go-w /home/<your_user>
chmod 700 /home/<your_user>/.ssh
chmod 600 /home/<your_user>/.ssh/authorized_keys

Also make sure that inside sshd configuration file /etc/ssh/sshd_config, make sure that PubkeyAuthentication is not commented and set yes.

Inside /etc/ssh/sshd_config make sure these is a line,

PubkeyAuthentication yes

It might needed to restart sshd service after edit in sshd configuration file.

sudo service sshd restart 

This worked for me and hope this helps!.