IBM Support

Things to check if SSH passwordless login is not working

Troubleshooting


Problem

Generated the public and private key pair on the SSH client.
# ssh-keygen -t rsa
Added the id_rsa.pub file to the target server's $HOME/.ssh/authorized_keys file but ssh is prompting for a password.

Symptom

Configured passwordless login for ssh but the user is prompted for a password.

Environment

SSH passwordless login is not working on AIX

Diagnosing The Problem

Things to check on the target server
1) Verify that you added the id_rsa.pub file to the user's $HOME/.ssh/authorized_keys file on the target server.
# cat $HOME/.ssh/authorized_keys
-
2) Verify that the write (w) bit is not set for group or other on the user's home directory on the target server.
-
3) Check the sshd_config file on the target server for access restrictions. 
Check for a PubkeyAcceptedKeyTypes entry. If it exists verify that the key type is defined.
More information can be obtained by putting sshd in debug on the target server and then try to ssh into the target server.
-
For example, sshd debug might log the following error
 debug2: input_userauth_request: try method public key [preauth]
 debug2: userauth_pubkey: valid user <username> querying public key rsa-sha2-512
 userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]
 debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
-
Check sshd_config, you might have a PubkeyAcceptedKeyTypes entry but it doesn't contain rsa-sha2-256, rsa-sha2-512 
Edit sshd_config and append rsa-sha2-256, rsa-sha2-512 to the end of the line. Stop and restart sshd.

Resolving The Problem

SUPPORT

If you require more assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.  

1. Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2. Capture any logs or data relevant to the situation.

3. Contact IBM to open a case:

   -For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, see the web page:
      https://www.ibm.com/planetwide/

4. Provide a clear, concise description of the issue.

 - For guidance, see: Working with IBM AIX Support: Describing the problem.

5. If the system is accessible, collect a system snap, and upload all of the details and data for your case.

 - For guidance, see: Working with IBM AIX Support: Collecting snap data

6. Upload all of the details and data to your case

   - Attach files to your case in the IBM Support Community

     https://www.ibm.com/mysupport/s/?language=en_US

    -Or Upload data to IBM test case server analysis:
f. Provide feedback for clicking on "Contact and feedback" button on the right side of the document.

[{"Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvwrAAA","label":"Communication Applications"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
15 December 2022

UID

ibm16847909

Page Feedback