
Re: New Deb 8 and no sshd access from other hosts [SOLVED]



On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.browder@gmail.com> wrote:
> I have installed Deb on my laptop and reused my old Deb 7 .ssh directory.
>
> I can now ssh into the existing remote servers but cannot ssh into my
> laptop from them (as a normal user)--I always get asked for a
> password.  So the remote servers recognize my old Deb 7 keys, but
> apparently my laptop doesn't recognize the other servers' keys.
...

I found this wonderful resource:

  http://www.unixlore.net/articles/troubleshooting-ssh-connections.html

which helped me solve the problem.

First, in file '/etc/ssh/sshd_config', I changed the line

  StrictModes yes

to this

  StrictModes no

and restarted the ssh server.  As root:

  # invoke-rc.d ssh restart

Then I attempted the ssh login and it worked!

Based on the comments from jvp, I looked closer at my home directory on
the laptop and, sure enough, the permissions were too loose (first I
have ever heard of that, but then again I haven't looked at 'man ssh'
in many years).  Note that I have for all the years after ssh came
along been setting the .ssh permissions correctly, but I've never run
into a problem with the home directory.  In fact, when I was working
at our office on site (up until the end of 2008), we commonly allowed
read access between user directories but ssh still worked.

But after setting the home directory permissions to 00700 and
restarting ssh, the login still didn't work!

Then I looked at the resource page where it showed how to debug the
whole ssh login session.  I used two terminal windows stacked one
above the other.  In the top window, on the laptop (local host) I
became root and executed the following:

  # /usr/sbin/sshd -d -p 2222

and in the lower window I logged into the remote host and, as my
normal user self, executed the following:

  $ ssh -vv -p 2222 jv2

where 'jv2' is the host name of my laptop.

Then, in the upper window, I saw the problem.  Directory '/usr/local',
under which my .ssh directory is actually located, was reported to
have bad permissions:

  Authentication refused: bad ownership or modes for directory /usr/local

I checked and they were, surprisingly:

  # ls -ld /usr/local
  drwxrwsr-x 31 root staff 4096 Mar 24 07:37 /usr/local

I don't know how that happened, but it must have happened during the
upgrade two days ago when I continued to use my original partition
mounted as '/usr/local' which was not supposed to have been touched.

Anyway, as root, I fixed the permissions back to what I think is correct:

  # chmod 00755 /usr/local
  # ls -ld /usr/local
  drwxr-xr-x 31 root staff 4096 Mar 24 07:37 /usr/local

restarted the ssh server, and the login worked as advertised--whew!

Thanks to all who offered help.

Best regards,

-Tom
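
The check that produced the "bad ownership or modes" message above can be reproduced without starting a debug sshd. This is an added example, not part of the original message and not OpenSSH's own code: it approximates the StrictModes walk by reporting every path component, from the key file up to a stop directory, that is group- or world-writable or owned by someone other than the user or root. The function name check_strict_path is hypothetical, and GNU coreutils (stat -c, readlink -f) as shipped on Debian are assumed.

```shell
#!/bin/sh
# Added example: approximates the sshd StrictModes path check.
# Assumes GNU coreutils (stat -c, readlink -f), as on Debian.
#
# check_strict_path FILE UID [STOP_DIR]
#   FILE      file to check, e.g. ~/.ssh/authorized_keys
#   UID       numeric uid of the account logging in
#   STOP_DIR  last directory to examine (default: /)
# Prints one line per offending component.
# Returns 0 if clean, 1 if anything is too loose, 2 on error.
check_strict_path() {
    # Resolve symlinks first, so a .ssh that really lives elsewhere
    # (under /usr/local in the message above) is checked where it is.
    path=$(readlink -f -- "$1") || return 2
    uid=$2
    stop=$(readlink -f -- "${3:-/}") || return 2
    bad=0
    while :; do
        info=$(stat -c '%u %a' -- "$path") || return 2
        owner=${info% *}
        mode=${info#* }
        # Owner must be the user or root.
        if [ "$owner" -ne 0 ] && [ "$owner" -ne "$uid" ]; then
            echo "bad owner (uid $owner): $path"
            bad=1
        fi
        # Neither group-write (020) nor other-write (002) may be set.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable (mode $mode): $path"
            bad=1
        fi
        if [ "$path" = "$stop" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname -- "$path")
    done
    return "$bad"
}
```

Run as the affected user, for example: check_strict_path ~/.ssh/authorized_keys "$(id -u)". A directory with mode 2775, like the '/usr/local' listing above, is reported because the group-write bit is set.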