
Re: New Deb 8 and no sshd access from other hosts



A bit early for [SOLVED], I think.

On Sat 26 Mar 2016 at 12:08:37 (-0500), Tom Browder wrote:
> On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.browder@gmail.com> wrote:
> > I have installed Deb on my laptop and reused my old Deb 7 .ssh directory.
> >
> > I can now ssh into the existing remote servers but cannot ssh into my
> > laptop from them (as a normal user)--I always get asked for a
> > password.  So the remote servers recognize my old Deb 7 keys, but
> > apparently my laptop doesn't recognize the other servers' keys.
> ...
> I found this wonderful resource:
>   http://www.unixlore.net/articles/troubleshooting-ssh-connections.html
> which helped me solve the problem.
> 
> First, in file '/etc/ssh/sshd_config', I changed the line
>   StrictModes yes
> to this
>   StrictModes no
> and restarted the ssh server.  As root:
>   # invoke-rc.d ssh restart
> Then I attempted the ssh login and it worked!

Not such a wonderful resource if it is so easily misunderstood. The
idea is to fix the permissions, not make your installation less secure.

> Based on the comments from jvp, I looked closer at my home directory on
> the laptop and, sure enough, the permissions were too loose (first I
> have ever heard of that, but then again I haven't looked at 'man ssh'
> in many years).  Note that I have for all the years after ssh came
> along been setting the .ssh permissions correctly, but I've never run
> into a problem with the home directory.  In fact, when I was working
> at our office on site (up until the end of 2008), we commonly allowed
> read access between user directories but ssh still worked.
> 
> But after setting the home directory permissions to 00700 and
> restarting ssh, the login still didn't work!

[...]

> Then, in the upper window, I saw the problem.  Directory '/usr/local',
> under which my .ssh directory is actually located, was reported to
> have bad permissions:
> 
>   Authentication refused: bad ownership or modes for directory /usr/local
> 
> I checked and they were, surprisingly:
> 
>   # ls -ld /usr/local
>   drwxrwsr-x 31 root staff 4096 Mar 24 07:37 /usr/local
> 
> I don't know how that happened, but it must have happened during the
> upgrade two days ago when I continued to use my original partition
> mounted as '/usr/local' which was not supposed to have been touched.

I don't know what happened long before that! When did /usr/local
become your home directory?

> Anyway, as root, I fixed the permissions back to what I think is correct:
> 
>   # chmod 00755 /usr/local
>   # ls -ld /usr/local
>   drwxr-xr-x 31 root staff 4096 Mar 24 07:37 /usr/local

So now the system is degraded a bit more. The correct permissions, in
fact the entire contents, are:

$ ls -l /usr/
drwxr-xr-x   2 root root  81920 Mar 26 00:59 bin
drwxr-xr-x   2 root root   4096 Apr 26  2015 games
drwxr-xr-x  39 root root  16384 Feb 16 16:55 include
drwxr-xr-x 156 root root  36864 Mar 14 07:16 lib
drwxrwsr-x  10 root staff  4096 Oct 10  2012 local
drwxr-xr-x   2 root root  12288 Mar 14 07:16 sbin
drwxr-xr-x 319 root root  12288 Jan 20 19:22 share
drwxr-xr-x   6 root root   4096 Mar  4 00:39 src
$ ls -l /usr/local/
drwxrwsr-x  2 root staff 4096 Oct 10  2012 bin
drwxrwsr-x  2 root staff 4096 Oct 10  2012 etc
drwxrwsr-x  2 root staff 4096 Oct 10  2012 games
drwxrwsr-x  2 root staff 4096 Oct 10  2012 include
drwxrwsr-x  4 root staff 4096 Dec 15  2014 lib
lrwxrwxrwx  1 root staff    9 Oct 10  2012 man -> share/man
drwxrwsr-x  2 root staff 4096 Oct 10  2012 sbin
drwxrwsr-x 10 root staff 4096 Aug 21  2015 share
drwxrwsr-x  2 root staff 4096 Oct 10  2012 src
$

So is this really the case as you said it was earlier:
$ ls -l ~/.ssh/authorized_keys
-rw------- 1 yourname yourname 3136 Jul 28  2015 /home/yourname/.ssh/authorized_keys
$ grep yourname /etc/passwd
yourname:x:1000:1000:Your Name,,,:/home/yourname:/bin/bash
$

Cheers,
David.
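
Added example (not part of the original message, and not sshd's own code): a Python sketch of the kind of ownership and mode check that StrictModes performs, so the offending path component can be found and fixed instead of turning the option off. The walk from authorized_keys up to the home directory, and the names strictmodes_problems and build_home, are assumptions made for illustration.

```python
import os
import stat
import tempfile


def strictmodes_problems(keys_file, home, uid):
    """List (path, reason) pairs a StrictModes-style check would refuse.

    Assumed model: starting at the key file, every path component up to and
    including the home directory must be owned by the user or root and must
    not be writable by group or others.
    """
    problems = []
    path = os.path.realpath(keys_file)
    home = os.path.realpath(home)
    is_file = True
    while True:
        st = os.stat(path)
        if is_file and not stat.S_ISREG(st.st_mode):
            problems.append((path, "not a regular file"))
        if st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((path, "group/other writable: %04o" % stat.S_IMODE(st.st_mode)))
        if path == home or path == os.path.dirname(path):
            break  # reached the home directory (or the filesystem root)
        path = os.path.dirname(path)
        is_file = False
    return problems


def build_home(root, home_mode):
    """Create a constructed home/.ssh/authorized_keys tree for the demo."""
    home = os.path.join(root, "home")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 CONSTRUCTED-SAMPLE-KEY user@example\n")
    os.chmod(keys, 0o600)
    os.chmod(ssh_dir, 0o700)
    os.chmod(home, home_mode)
    return keys, home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        keys, home = build_home(root, 0o775)  # constructed: group-writable home
        for path, reason in strictmodes_problems(keys, home, os.geteuid()):
            print("bad ownership or modes:", path, "(%s)" % reason)
```

If the home directory passed in is not an ancestor of the key file, the walk continues to the filesystem root and reports every loose directory on the way.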

