OT: My ssh authorized_keys doesn't work with nfs/nis
Per Hedeland
per at hedeland.org
Sat Sep 14 14:51:41 UTC 2019
On 2019-09-14 15:26, MJ wrote:
> Well it's great to see that extra debugging information totally missed it.
The bad permissions was a security problem on the server - it
*shouldn't* be reported to a client, even when it is run with -vvv.
It is possible though a bit tricky to run the *server* with debugging,
that may have revealed the problem. Hm, actually I tried the scenario
*without* any debugging now, and in the server's /var/log/auth.log I
found:
Sep 14 16:41:58 pluto sshd[7708]: Authentication refused: bad ownership or modes for directory /home/per
FreeBSD 12.0-RELEASE, OpenSSH_7.8p1 (in base). And I got the exact
same result with a server running 10.3-RELEASE, OpenSSH_7.2p2.
--Per
> :-P
>
>
> On 14/09/2019 11:24 pm, Aryeh Friedman wrote:
>> Problem solved it turned out to be really simple the home dir was 777 when
>> the widest ssh wants it is 755 (all the permissions I where look at before
>> where the .ssh dir not the home dir)
>>
>> On Sat, Sep 14, 2019 at 9:22 AM MJ <mafsys1234 at gmail.com> wrote:
>>
>>>
>>> On 14/09/2019 5:39 pm, Aryeh Friedman wrote:
>>>> My ~/.ssh/authorized_keys files works fine on a machine that is not in my
>>>> NIS domain but when I copy my id_rsa.pub (which is what I did to create
>>> the
>>>> non-NIS authorized_keys) to my NIS account and give it the same
>>> permissions
>>>> as the working machine it insists on asking for a password.
>>>>
>>>> ssh faraway (non-NIS machine)
>>>> does not ask for a password
>>>> but
>>>> ssh nearby (NIS machine) does
>>>>
>>>> Both have identical authorized keys and both (and their parent dirs) are
>>>> set to 644. Both machines are FreeBSD 11 and the machine doing the ssh
>>>> call is FreeBSD 12
>>>>
>>> Well in desperation I guess you could:
>>>
>>> Nuke the dud server's authorized_keys
>>> Use "ssh-copy-id -i /your/path/to/key aryeh at nearby" to copy your pub key
>>> to the dud server.
>>> Test with "ssh -i /your/path/to/key -vv aryeh at nearby"
>>>
>>> Cheers
>>> Mark.
>>>
>>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list