OpenSSH 6.2 Not Allowing Pubkey Auth

Darren Tucker dtucker at
Fri Apr 5 14:14:29 EST 2013

On Thu, Apr 04, 2013 at 06:14:24PM -0400, Jeremy Brown wrote:
> I'm running a Debian VPS that was originally configured with OpenSSH
> 5.5 and I could use pubkey auth without issue. A few days ago, I
> decided to compile and install OpenSSH 6.2 for the AES-GCM support,
> and now I cannot login to my server with pubkey auth. I can't seem to
> figure out what the problem is, and when I replace the new sshd with
> the one originally included with my server, it resumes functioning
> without issue. For the record I'm using GCC 4.8 and OpenSSL 1.0.1e.

I would guess the stock sshd's config does not have StrictModes but the
new one does.  Check that $HOME, $HOME/.ssh and
$HOME/.ssh/authorized_keys are not group or world writable.

If that's not it:
 - run the client in debug mode ("ssh -v").  Modern versions of sshd will
   send a debug message after you log in if it refused to use a key for
   some reason (but only after you successfully authenticate somehow, eg
 - run the server in debug mode.  Assuming you can connect to some other
   port, that's something like /path/to/sshd -ddd -p 2022.  You should
   be able to see why the key was refused in the log, otherwise post it
   here for us to look at.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list