Re: SSH key authentication - can only login as root



Brian wrote:
Tomasz Chmielewski wrote:
Greg Wooledge wrote:
On Wed, Sep 06, 2006 at 12:10:48PM +0200, Tomasz Chmielewski wrote:
I have a problem with logging in using keys (on Debian).
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys
Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid:
1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys2
ls -ld / /home /home/checkuser /home/checkuser/.ssh
ls -ld /home/checkuser/.ssh/authorized_keys*

I bet one or more of these directories/files has group write permission
on it.
Nope, all directories/files, starting from /home/checkuser, have only
user permissions.

Stupid me! :)

/home/checkuser/.ssh had only r+w permissions, no +x, so the user with UID!=0 couldn't even look into that directory, not to say open the key... (where root had no problems).

And I did so many configuration and pam changes, tests etc.!

Partly, I could blame OpenSSH: if the permissions are too excessive, it will report it in logs.
If it has too little permissions, it will erroneously say that the key is invalid...

Thanks all for help, I should have pasted "ls -ld /home/..." here; but I learned a bit about OpenSSH, too.

--
Tomasz Chmielewski
http://wpkg.org



Relevant Pages

  • File permission help needed
    ... My old computer died (motherboard issue). ... directories/files one layer ... I tried the ATTRIB command in MSDOS prompt, ... Is there an easy way to change the permissions on all of the files on ...
    (microsoft.public.windowsxp.basics)
  • installation problem - please help
    ... I only see the scripts in the first folder. ... I've check all permissions of these directories/files. ... Helmut Jarausch ...
    (comp.graphics.apps.gimp)
  • Re: Security.Exception
    ... > And now how can I change the CAS settings without the .NET Configuration ... > Anyway I did that before and put full permissions to the intranet zone. ... so no changs to the user permissions will help. ... >>> Diego F. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Permission problems Need some help please
    ... We ran into an issue with user permissions on our web site. ... We installed a new drive on the server and did a secure copy to copy the old ... the new drive letter to the old one. ...
    (microsoft.public.frontpage.extensions.windowsnt)
  • Re: Setting group Permissions.
    ... >>I just want some clarifcation on group and user permissions. ... >>if i want to create a group for controlling access to a directory, ...
    (comp.security.unix)