# ssh keys not working



## newcdn (Dec 30, 2012)

Hi,

I can ssh into the server using a password but not with any keys. Below is the error seen in the logs:


```
sshd[]: error: ssh_msg_send: write
```

uname -a

```
FreeBSD X.local.domain 9.1-RC3 FreeBSD 9.1-RC3 #0:FreeBSD X.local.domain 9.1-RC3 FreeBSD 9.1-RC3 #0:
```

Windows running Plink


```
Server version: SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.62
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 3f:6d:33:14:c0:9d:a6:76:a1:7b:f8:60:af:60:29:26
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Reading private key file "X.ppk"
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Pageant key #0 matches configured key file
Using username "halo".
Trying Pageant key #0
Server refused our key
Attempting keyboard-interactive authentication
Using keyboard-interactive authentication.
```


----------



## ericmacmini (Dec 30, 2012)

Are you sure that permissions on your server running sshd are ok?

Always keep your .ssh dir and all your keys chmod to 700 and 600 respectively.


----------



## newcdn (Dec 30, 2012)

yes the permissions should be fine.


```
drwx------   2         Dec 28 19:37 .ssh 
-rw-------   1         Dec 28 09:50 authorized_keys
```


----------



## ericmacmini (Dec 30, 2012)

Check your /etc/ssh/sshd_config entries, matching:


```
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys
```

Have you already tried cat /var/log/auth.log ? 

If it still not works, increase LogLevel in /etc/ssh/sshd_config and restart sshd.

Good luck


----------



## newcdn (Dec 30, 2012)

Thank you for the advice.

I've already resolved the issue on my own.    

Permissions
-------------
If the user's  has the same ID(U:G) as root '0:0' >>0:0 username then no problems.  Now if the user only belongs to the group of root then things are different.  

The user's home folder cannot  have  the ownership  root:username. When he SSHs into the server he will be denied access to the dir/subdirectories.

To address the problem, ensure the same username is owner and group for the home directory and sub-directories.


----------

