How to make public key SSH access working please?

[postcd]

Hello,

i want to access server via SSH without need to enter password, so i thought i will generate public key and share it with server from which i will be accessing, but it do not works. Says: "# ssh -l root localhost -p 7000
Permission denied (publickey)."

why i am connecting localhost? because i set port forwarding from localhost to destination LAN/firewalled by executing command ssh -fN -R 7000:localhost:22 username@PublicServerIPhere on the server i want to connect. It should work, password access worked, but not public key, returns "Permission denied (publickey)."

Error appears even after i logged in server i want to connect and executed ssh-keygen and then ssh-copy-id IPOfTheServerFromWhichINeedPasswordLesAccess
it worked and when i re-run, it says: "All keys were skipped because they already exist on the remote system."
So key should be coppied.

Where is the problem please? This is sshd_config of the server i am trying to connect (one that refuse ssh pub. key connection and allows password connection):

cat /etc/ssh/sshd_config|grep -v "#"|grep " "
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no

source server (from which i am connecting) is CentOS(redhat), destination server which refusing pub.key access is Debian.

Thank you for help :-/

 

[postcd]

update: ISSUE SOLVED

in this scenario, i had to not only add server's key to the client's authorized_keys file, but also vice versa (client's key to the server). Then it started working.

The problem was with these sshd-config lines:

PermitRootLogin
PasswordAuthentication
UsePAM

To allow password auth. for root:

PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes

To allow only authorized keys (public key access):

PermitRootLogin without-password
PasswordAuthentication no
UsePAM no

and do not forget: service ssh reload

 

[jakester]

you didnt solve problems; you created them. logging in and permitting root over network is incredibly stupid, and disabled on purpose.