Re: ssh/dsa strange issue
On Thu, 2011-10-20 at 23:40 -0600, Bob Proulx wrote:
> Joao Ferreira Gmail wrote:
> > a) user jane on one system transfers her public DSA key to account john
> > at a given remote host. it works. jane accesses john's account without
> > typing a password.
> >
> > b) now the same user jane transfers her public DSA key to account mary
> > at the _same_ remote host. it does not work. she gets prompted for a
> > password (she gets access by typing mary's password)
> >
> > my guess is that there must be some difference between john and mary
> > accounts. I can not realise what it is (shell is bash on both).
>
> Usually people trip over permissions being too open. Assuming you are
> using /home try this to look at the permissions.
>
> $ ls -ld /home /home/mary /home/mary/.ssh /home/mary/.ssh/authorized_keys
> drwxr-xr-x 9 root root 4096 Feb 28 2011 /home
> drwxr-xr-x 126 mary mary 16384 Oct 20 23:17 /home/mary
> drwx------ 2 mary mary 4096 Sep 29 18:31 /home/mary/.ssh
> -rw-r--r-- 1 mary mary 809 Oct 28 2010 /home/mary/.ssh/authorized_keys
>
:) bull's eye :)
/home/mary was 775. changed it to 755 and it immediately worked.
Thank you
João
> All of those directories should be writable only by the owner and the
> owner should be mary. The typical problem is that people will have
> one of those files be group writable. In that case sshd refuses
> the authorized_keys file due to the possibility that another user can
> write to the file.
>
> > Please find below the output of "ssh -vvv ...." for both situations.
>
> The verbose output of the sshd would be more helpful. Easiest to run
> it on another port temporarily.
>
> # /usr/sbin/sshd -d -p 2222
>
> And then try to log into it on that other port.
>
> jane@localhost:~$ ssh -p 2222 localhost
>
> You might see an error like this one on the sshd server debug side:
>
> Authentication refused: bad ownership or modes for directory /home/mary
>
> Bob
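The permission check discussed in this thread, as an added example that is not part of the original messages and is not sshd's own code: a Python sketch that walks from authorized_keys up to the home directory and reports every path that is not owned by the user (or root) or that is writable by group or others. The function names, the sample tree and the placeholder key are constructed for illustration, and stopping at the home directory is an assumption of this sketch.

```python
import os
import stat
import tempfile

def strict_modes_problems(home, uid, key_file=".ssh/authorized_keys"):
    """List (path, reason) for each path from key_file up to home that is
    not owned by uid (or root) or is writable by group/others."""
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, key_file))
    problems = []
    while True:
        st = os.stat(path)
        if st.st_uid not in (uid, 0):
            problems.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:  # group-write or other-write bit set
            mode = stat.S_IMODE(st.st_mode)
            problems.append((path, "mode %o is group/other writable" % mode))
        parent = os.path.dirname(path)
        if path == home or parent == path:  # stop at home (or at /)
            break
        path = parent
    return problems

def build_sample_home(root, home_mode):
    """Create a constructed home tree under root for the demonstration."""
    home = os.path.join(root, "mary")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-dss CONSTRUCTED-PLACEHOLDER-KEY jane@example\n")
    os.chmod(keys, 0o644)
    os.chmod(ssh_dir, 0o700)
    os.chmod(home, home_mode)
    return home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        home = build_sample_home(root, 0o775)   # the mode from the thread
        for path, reason in strict_modes_problems(home, os.getuid()):
            print("REFUSED:", path, reason)
        os.chmod(home, 0o755)                   # the fix from the thread
        print("after chmod 755:", strict_modes_problems(home, os.getuid()))
```

On a real host, call `strict_modes_problems("/home/mary", uid_of_mary)` as a user able to read those directories.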