reminder:
The content described in this article is dependent and may differ from the expectation due to different soft and hard conditions, so please take the actual situation as the criterion for reference only.
The server has configured a key login, but the client (Xshell, etc.) always prompts "the selected user key is not registered on the remote host" when logging in. After troubleshooting, it is found that the SSH configuration of the Azure CentOS7 template is different from other systems. No wonder nothing else is wrong, but the Azure server cannot log in!
SSH Profile /etc/ssh/sshd_config
There is such a line in
# AuthorizedKeysFile .ssh/authorized_key
If you enable Key login, we usually delete the key in front of this line #
However, it is easy to ignore that the files of other systems are .ssh/authorized_keys
And here it is .ssh/authorized_key
!! If you copy files directly from other systems, the client will not be able to key in.
Other reasons that may cause the problem of "the selected user key is not registered on the remote host" or "the server rejected the user key" include:
- File permissions:
chmod 700 .ssh
, chmod 600 .ssh/authorized_keys
, and authorized_keys
Belongs to a user group (e.g chown ubuntu:ubuntu .ssh/uthorized_keys
; - Key error: on server
authorized_keys
The public key should be saved( rsa_id.pub
), not the private key( rsa_id
); - Key verification is not turned on:
/etc/ssh/sshd_config
There should be PubkeyAuthentication yes
This line is not commented; - User name and key do not match: if the key is placed in
/home/debian/.ssh/
Below (that is, the user is debian
), the login user name is ubuntu
; - The user name is disabled: such as
/etc/ssh/sshd_config
Configured PermitRootLogin no
, but use root
Account login; - SELinux enabled: using
getenforce
View, at least Permissive
, if it is Enforcing
It's also no good. Temporarily Closed: setenforce 0
; Permanent close: editing /etc/sysconfig/selinux
, of which SELINUX=enforcing
Replace with SELINUX=disabled
。
After confirming these problems, we can basically solve the problem that the selected user key is not registered on the remote host.
Reference article:
1、《 SSH public key authentication failure caused by SELinux 》