 

Git server host authorized_keys file not identifying users id_rsa.pub key asking server password

Tags:

ssh

Our git server's authorized_keys file has not been identifying anyone's id_rsa.pub key since this morning. Before that it worked fine; in the past 6 months we never faced this issue. All repos have the same problem, even new repos.

Things I did:

1) Checked the .ssh/authorized_key file on the git host server, and the permissions look good (600 permissions).
2) Took a backup of the .ssh folder, regenerated a new one, created a new authorized_key file and added a new id_rsa.pub key; still the same problem.

Kindly help me with this; no users are able to pull/push/clone, not even me.

The only problem I found (I don't know whether it is a problem or not):

When I executed the ls -lart authorized_keys * command on the git server, it showed two authorized_keys files.

output:

[git@xxxxx .ssh]$ ls -lart authorized_keys *

-rw------- 1 git git 404 Oct 22 17:59 authorized_keys
-rw------- 1 git git 404 Oct 22 17:59 authorized_keys

Regards, sankarbheema

Sankar asked Oct 22 '12 14:10


1 Answer

You said in comments:

[git@xxxx home]$ ls -ld ~git ~git/.ssh
drwxrwxr-x 28 git git 4096 Oct 22 18:22 /home/git
drwx------  2 git git 4096 Oct 23 09:39 /home/git/.ssh

While these are acceptable permissions for git's .ssh directory, SSH is refusing to accept connections because git's home directory is group writable. SSH realizes that group writability means that other users might be able to effect changes on ~/.ssh, so it refuses to trust the files in there.

The location of the log that tells you about this depends on your operating system. On my system (FreeBSD), the file to look at is /var/log/auth.log, which contains a line like:

Oct 23 06:45:25 pc sshd[29724]: Authentication refused: bad ownership or modes for directory /usr/home/ghoti

To fix this, remove the group write bit.

sudo chmod 755 ~git

Oh, and the reason that ls -lart authorized_keys * shows two authorized_keys files is that you are specifying that file twice - once explicitly, and once as a member of the wildcard (*).

ghoti answered Oct 17 '22 01:10
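An added example, not part of the original question or answer: a shell function that approximates the ownership and mode check described in the answer, applied to the home directory, .ssh and authorized_keys in one pass. The function name check_ssh_modes is hypothetical, and it assumes the keys file is at the default ~/.ssh/authorized_keys.

```shell
#!/bin/sh
# Added example: approximates the sshd ownership/mode check for one account.
# Usage: check_ssh_modes OWNER HOME_DIR
#   OWNER     user name or numeric uid that must own the paths (root also accepted)
#   HOME_DIR  the account's home directory
# Prints one line per offending path; returns 1 if any path would be refused.
check_ssh_modes() {
    owner=$1
    home=$2
    bad=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            bad=1
            continue
        fi
        # Writable by group (020) or others (002): another user could replace the keys.
        # -L follows symlinks so the target's mode is tested, -prune stops recursion.
        if [ -n "$(find -L "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world writable: $path"
            bad=1
        fi
        # Must be owned by the account itself or by root (uid 0).
        if [ -n "$(find -L "$path" -prune ! -user "$owner" ! -user 0 -print)" ]; then
            echo "wrong owner: $path"
            bad=1
        fi
    done
    return "$bad"
}
```

For the account in the question this would be called as check_ssh_modes git /home/git; with the drwxrwxr-x home directory shown above it reports /home/git as group/world writable until the chmod 755 is applied.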