
Re: baffling ssh problem



Andrew Sackville-West(andrew@farwestbilliards.com) is reported to have said:
> On Wed, Sep 19, 2007 at 01:42:48PM -0400, Wayne Topa wrote:
> 
> ...
> 
> > I agree Andrew.  Other than reading the mail today I am going to be
> > looking into the problem, as it was, to see if I can figure out
> > exactly why the problem occurred and what package the bug report
> > should be filed against.
> > 
> 
> well it's interesting that it cares what the parent directory perms are
> (from your other mail in this thread). I would think the .ssh
> directory would be sufficient. I'm not sure where to report the
> problem as well. Things that occur to me: does ssh-copy-id assume that
> /home/$USER has the correct perms without checking? 

It must, as I used ssh-copy-id to send the public key from 5 boxes to
the 3 accounts on the server, including the one with the bad perms.
It did not throw any errors.

>
> if so, on what is
> that assumption based and who sets that perm (adduser perhaps?)?
> That's where I see the breakdown. Either ssh-copy-id isn't doing a
> sufficient job of checking or its assumptions are faulty. 

You are correct Douglas.
I just did the following:

1. Moved the ~USER/.ssh file to good.ssh, on the server
2. Changed the perms on /home/USER to 770
3. On the AND64 box did
   ssh-copy-id -i .ssh/id_dsa.pub server (not USER@server)
   Replied with password when asked.
   Then ssh'ed to server as asked.
   Was asked for password and connected when PW supplied.
4. Repeated the above but with
   ssh-copy-id -i .ssh/id_dsa.pub USER@server
   The results were the same as above.

Note:  The perms on the .ssh dir and the authorized_keys file
created by ssh-copy-id were correct, 600.

ssh-copy-id does not check (care) about perms of /home/USER.  

I don't know if that should be called a bug though, as ssh still
works, just not in password-less mode.  I do think that a mention
should be included in one of the man pages.

A Wish-list for a note about the perms of ~/home/use being included in the
ssh and/or ssh-copy-id man pages would be sufficient, I would think.

Wayne

-- 
Plug-and-Play is really nice, unfortunately it only works 50% of the time.
To be specific the "Plug" almost always works.            --unknown source
_______________________________________________________
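
The behaviour found in this thread matches sshd's StrictModes option (on by default), which refuses public-key login when the home directory, ~/.ssh or authorized_keys is writable by group or others, or is owned by someone other than the user or root. The script below is an added example, not part of the original message or of OpenSSH; the function names check_one and check_ssh_perms are illustrative, and the demo runs against a constructed temporary directory standing in for /home/USER.

```shell
# Approximation of the sshd StrictModes test (added example, names are illustrative).

# check_one PATH UID: fail if PATH is owned by someone other than UID or root,
# or if it is writable by group or others.
check_one() {
    path=$1 uid=$2
    [ -e "$path" ] || return 0          # nothing there yet, nothing to judge
    set -- $(ls -ldn "$path")           # fields: mode links owner-uid group-gid ...
    mode=$1 owner=$3
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "BAD owner uid=$owner: $path"; return 1
    fi
    case $mode in                       # 6th char = group write, 9th = other write
        ?????w*|????????w*) echo "BAD mode $mode: $path"; return 1 ;;
    esac
    return 0
}

# check_ssh_perms HOME [UID]: check every path between authorized_keys and HOME.
check_ssh_perms() {
    home=$1 uid=${2:-$(id -u)} rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_one "$p" "$uid" || rc=1
    done
    return $rc
}

# Constructed demo: a throwaway "home" with the 770 mode used in the test above.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"; chmod 770 "$demo"
check_ssh_perms "$demo" || echo "=> sshd would ignore authorized_keys and ask for a password"
chmod 755 "$demo"
check_ssh_perms "$demo" && echo "=> all paths pass after chmod 755"
rm -rf "$demo"
```

Run on the server as the account owner with `check_ssh_perms "$HOME"` after ssh-copy-id to catch the silent fallback to password login.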