Re: SSH key authentication - can only login as root

From: Tomasz Chmielewski <mangoo@xxxxxxxx>
Date: Fri, 08 Sep 2006 23:45:04 +0200

Brian wrote:

Tomasz Chmielewski wrote:
Greg Wooledge wrote:
On Wed, Sep 06, 2006 at 12:10:48PM +0200, Tomasz Chmielewski wrote:
I have a problem with logging in using keys (on Debian).
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys
Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid:
1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys2

ls -ld / /home /home/checkuser /home/checkuser/.ssh
ls -ld /home/checkuser/.ssh/authorized_keys*

I bet one or more of these directories/files has group write permission
on it.

Nope, all directories/files, starting from /home/checkuser, have only
user permissions.

Stupid me! :)

/home/checkuser/.ssh had only r+w permissions, no +x, so the user with UID!=0 couldn't even look into that directory, not to say open the key... (where root had no problems).

And I did so many configuration and pam changes, tests etc.!

Partly, I could blame OpenSSH: if the permissions are too excessive, it will report it in logs.
If it has too little permissions, it will erroneously say that the key is invalid...

Thanks all for help, I should have pasted "ls -ld /home/..." here; but I learned a bit about OpenSSH, too.

--
Tomasz Chmielewski
http://wpkg.org

References:
- SSH key authentication - can only login as root
  - From: Tomasz Chmielewski
- Re: SSH key authentication - can only login as root
  - From: Greg Wooledge
- Re: SSH key authentication - can only login as root
  - From: Tomasz Chmielewski

Prev by Date: transport protocol exception (bad client public DH value)
Next by Date: Re: openssh: Enabling sftp, but disabling ssh?
Previous by thread: Re: SSH key authentication - can only login as root
Next by thread: locale problem
Index(es):
- Date
- Thread

Relevant Pages

File permission help needed
... My old computer died (motherboard issue). ... directories/files one layer ... I tried the ATTRIB command in MSDOS prompt, ... Is there an easy way to change the permissions on all of the files on ...
(microsoft.public.windowsxp.basics)
installation problem - please help
... I only see the scripts in the first folder. ... I've check all permissions of these directories/files. ... Helmut Jarausch ...
(comp.graphics.apps.gimp)
Re: Security.Exception
... > And now how can I change the CAS settings without the .NET Configuration ... > Anyway I did that before and put full permissions to the intranet zone. ... so no changs to the user permissions will help. ... >>> Diego F. ...
(microsoft.public.dotnet.framework.aspnet)
Permission problems Need some help please
... We ran into an issue with user permissions on our web site. ... We installed a new drive on the server and did a secure copy to copy the old ... the new drive letter to the old one. ...
(microsoft.public.frontpage.extensions.windowsnt)
Re: Setting group Permissions.
... >>I just want some clarifcation on group and user permissions. ... >>if i want to create a group for controlling access to a directory, ...
(comp.security.unix)