When examining SSH public key authentication failures, we need to understand the complete handshake process. The verbose output (-vvv) reveals critical information about what's happening behind the scenes:
debug2: key: /Users/me/.ssh/id_dsa (0x123456)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: No more authentication methods to try.
First, verify your CentOS server's SSH daemon configuration:
# Check the main sshd_config file
sudo grep -E "PubkeyAuthentication|AuthorizedKeysFile" /etc/ssh/sshd_config
# Expected output should include:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
If you need to modify these values, remember to restart the SSH service:
sudo service sshd restart
On your Mac (client machine), ensure your keys are properly set up:
# Check key permissions (critical on Mac)
ls -la ~/.ssh/
# Correct permissions should be:
-rw------- 1 user staff 1675 Feb 15 10:23 id_rsa
-rw-r--r-- 1 user staff 398 Feb 15 10:23 id_rsa.pub
-rw-r--r-- 1 user staff 222 Feb 15 10:23 known_hosts
The most reliable way to copy your public key to the server:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
If ssh-copy-id isn't available, manually append the public key:
cat ~/.ssh/id_rsa.pub | ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
When basic checks don't reveal the issue, try these advanced methods:
# Check SELinux status (common culprit on CentOS)
sestatus
# Temporarily disable SELinux for testing
sudo setenforce 0
# Check authentication logs in real-time
sudo tail -f /var/log/secure | grep sshd
Incorrect permissions are the most common cause of public key auth failures. Verify:
# On the server:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R $USER:$USER ~/.ssh
# Home directory permissions matter too!
chmod go-w ~
If using older DSA keys (shown in your debug output), consider modern alternatives:
# Generate a new ED25519 key (recommended)
ssh-keygen -t ed25519 -C "your_email@example.com"
# Or RSA 4096-bit for compatibility
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Create or modify ~/.ssh/config for persistent settings:
Host myserver
HostName your.server.com
User username
IdentityFile ~/.ssh/id_ed25519
PreferredAuthentications publickey
IdentitiesOnly yes
When examining your verbose SSH output (ssh -vvv), we can see the authentication sequence fails at a critical point. The client detects your id_dsa key but never attempts to use it, falling back to password authentication instead.
debug2: key: /Users/me/.ssh/id_dsa (0x123456)
debug1: Next authentication method: password
First verify your CentOS 5.3 SSH server configuration:
# Check these essential settings in /etc/ssh/sshd_config:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no # Temporarily set to test key auth
After modifications, restart the SSH service:
service sshd restartOn your Mac, verify the key permissions and format:
# Check private key permissions
ls -la ~/.ssh/id_dsa
# Expected output:
-rw------- 1 user staff 668 Jan 1 12:34 /Users/me/.ssh/id_dsa
# Verify key format
ssh-keygen -l -f ~/.ssh/id_dsa
Since DSA keys have known limitations, consider generating an RSA key:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -C "mac@example.com"
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
When forcing publickey auth (-o PreferredAuthentications=publickey), watch for these indicators:
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/me/.ssh/id_rsa RSA SHA256:...
On CentOS 5.3, SELinux might block key access. Check and temporarily disable for testing:
# Check SELinux status
sestatus
# Temporarily set to permissive
setenforce 0
For deeper inspection, use these server-side commands while attempting connection:
tail -f /var/log/secure
journalctl -f -u sshd # For newer systems
Look for lines containing:
sshd[pid]: Authentication refused: bad ownership or modes