Our server is an Aliyun ECS instance. When creating the instance, we chose to log in using a key pair, but recently we encountered an issue where we couldn’t log in using the private key. Since I had urgent matters to attend to at the time, I first modified the login password in the Aliyun console and then logged in using the password. However, password login is still not as secure as using SSH Key.

So after finishing my urgent tasks, I tried to rebind a key pair for the server in the Aliyun console, but still couldn’t log in. So I generated a public-private key pair locally and copied the public key to the server using the ssh-copy-id command.

I also modified the PasswordAuthentication setting in the server’s /etc/ssh/sshd_config file to no.

I thought this would allow me to connect, but when I tried to log in, I got the following message:

$ ssh -i ~/.ssh/id_rsa [email protected]
[email protected]: Permission denied (publickey, gssapi-keyex,gssapi-with-mic).

After multiple attempts, trying various types of keys without success, I found a post online suggesting that the user’s home directory might be encrypted, causing SSH Key verification to fail.

As a last resort, I copied the /root/.ssh/authorized_keys file to /etc/ssh/authorized_keys, and then modified the AuthorizedKeysFile entry in /etc/ssh/sshd_config to point to /etc/ssh/authorized_keys.

Then I restarted the SSHD service using the following command:

$ sudo systemctl restart sshd

When I tried connecting to the server again, I finally succeeded.

I hope this is helpful, Happy hacking…