Bug 704930

Summary: AuthorizedKeysFile not working
Product: [Fedora] Fedora Reporter: Peng Tao <bergwolf>
Component: opensshAssignee: Jan F. Chadima <jchadima>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: jchadima, mattias.ellert, mgrepl, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-16 22:33:08 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Peng Tao 2011-05-15 23:28:12 EDT
Description of problem:
authorizedkeysfile parameter in /etc/ssh/sshd_config does not work. So ssh autologin can not work with public ssh key.

Version-Release number of selected component (if applicable):
openssh-5.6p1-30.fc15.x86_64

How reproducible:
[Fedora29@.ssh]$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bergwolf/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bergwolf/.ssh/id_rsa.
Your public key has been saved in /home/bergwolf/.ssh/id_rsa.pub.
The key fingerprint is:
c1:ef:ac:4e:d4:9c:64:dd:60:f3:86:2b:cf:3a:97:35 bergwolf@Fedora29
The key's randomart image is:
+--[ RSA 2048]----+
|            +    |
|       .   o *   |
|        o o o +  |
|         B . o   |
|        S * .    |
|       . o +  E  |
|        . o oo . |
|       . ...o    |
|       .o .o     |
+-----------------+
[Fedora29@.ssh]$pwd
/home/bergwolf/.ssh
[Fedora29@.ssh]$cat id_rsa.pub >> authorized_keys
[Fedora29@.ssh]$sudo cat /etc/ssh/sshd_config |grep authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys
[Fedora29@.ssh]$ssh localhost
bergwolf@localhost's password:

Actual results:
ssh still requires password

Expected results:
ssh should login without promoting for passwd

Additional info:
Comment 1 Jan F. Chadima 2011-05-16 00:09:20 EDT
1) repair all permissions of the authorized keys file including selinux lebel (restorecon).
2) check logs security and audit.
3) if step 1 works for you close this bugzilla
4) if does not please attach here your sshd_config and interesting pieces of the logs
thx
Comment 2 Miroslav Grepl 2011-05-16 16:05:23 EDT
Also what is your output of

# ls -lZ /home/bergwolf/.ssh
Comment 3 Peng Tao 2011-05-16 22:33:08 EDT
It turns out to be 
May 16 17:57:31 Fedora15 sshd[11894]: Authentication refused: bad ownership or modes for directory /home/bergwolf/.ssh

After doing chmod 700 .ssh, it works now.

Thanks a lot, Jan and Miroslav.