Ensure PuTTY has the correct private key:
- Launch PuTTY.
- In the left panel, expand +SSH and highlight auth. Ensure the correct private key is being used.
Ensure the Linux SSH server has the correct public key. In this example, we can see that the public key on Windows in Notepad++ matches the public key at /root/.ssh/authoriuzed_keys.
Ensure the /etc/ssh/sshd_config file has the following settings:
PermitRootLogin without-password PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
Ensure the permissions and ownership of the authorized_keys file and .ssh directory are correct.
chmod 700 /root/.ssh chmod 600 /root/.ssh/authorized_keys chown root:root /root/.ssh chown root:root /root/.ssh/authorized_keys
Ensure the SSH daemon is active and running.
[root@server1 ~]# systemctl status sshd . . . Active: active (running) . . .
If problems persist, view the /var/log/secure or /var/log/auth.log files. In this example, the log file has No supported authentication methods available.
[root@server1 ~]# tail /var/log/secure . . . No supported authentication methods available . . .
SELinux may be preventing SSHD from accessing /root/.ssh/authorized_keys. To check this, set SELinux to permissive mode. Once in permissive mode, if you are able to connect, this configures SELinux is preventing SSHD from accessing /root/.ssh/authorized_keys.
[root@server1 ~]# echo 0 > /sys/fs/selinux/enforce
The ls -Z command can be used to view the current SELinux configuration. Notice in this example that samba_share_t is listed. This is not the expected output.
[root@server1 ~]# ls -Z /root/.ssh -rw-------. root root system_u:object_r:samba_share_t:s0 authorized_keys
To configure SELinux to allow SSHD access to /root/.ssh/authorized_keys.
[root@server1 ~]# restorecon -FRvv ~/.ssh
Checking the SELinux configuration, we can now see that ssh_home_t is listed.
[root@server1 ~]# ls -Z /root/.ssh -rw-------. root root system_u:object_r:ssh_home_t:s0 authorized_keys
Set SELinux back to enforcing.
[root@server1 ~]# echo 1 > /sys/fs/selinux/enforce