Re: pubkey works for user: why not root ?



On Sat, Apr 18, 2009 at 10:27:00AM -0400, sean darcy wrote:
> I can ssh from my laptop to the server as a user, but using root from
> same laptop to same server fails. root can login with password.

http://mywiki.wooledge.org/SshKeys

> both cases run ssh-keygen on laptop, copy id_rsa.pub to server, cat
> id_rsa.pub >> authorized_keys, restart sshd on server.

Restarting sshd isn't necessary.

> On client .ssh is 700, .ssh/id_rsa is 700.

Client permissions probably don't matter. At least, I've never seen a
case where they do.

> On server .ssh is 700, authorized_keys is
> 644 ( same as user ).
>
> What am I missing??

The REST of the server-side permissions, most likely. Including the
permissions of /root (or whatever ~root is), and any parent directories
thereof.

> On client:
>
> [root@daddy ~]# ssh -vv intel64-office

Snip.

> On server:

[...]

> Apr 18 10:04:41 intel64-office sshd[30747]: debug1:
> temporarily_use_uid: 0/0 (e=0/0)
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: trying public key
> file /root/.ssh/authorized_keys
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: restore_uid: 0/0

I hate this silence in the server-side logging. Compare to what I see
when I successfully login with pubkey auth:

...
debug1: temporarily_use_uid: 563/22 (e=0/3)
debug1: trying public key file /net/home/wooledg/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /net/home/wooledg/.ssh/authorized_keys, line 1
Found matching RSA key: 9d:58:1d:f9:e5:0b:72:33:3a:93:62:e7:1e:f5:bf:df
debug1: restore_uid: 0/3
debug1: ssh_rsa_verify: signature correct
Accepted publickey for wooledg from 127.0.0.1 port 2879 ssh2
...

I would assume the gaping silence in your logs in between "trying
public key file ...authorized_keys" and "restore_uid: 0/0" is a failure
to open the public key file, though I really wish sshd would say WHY
it failed to open the public key file.

In any case, I'm betting the problem is "permissions of some parent
directory of ~/.ssh".

http://mywiki.wooledge.org/SshKeys
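
The reply above points at the server-side permissions of ~/.ssh, the home directory and its parents. As an added example (not part of the original post), this shell function walks upward from authorized_keys and flags any component that is group- or world-writable or owned by someone other than the user or root, the kind of condition sshd's StrictModes rejects. It assumes GNU stat; the function name and its arguments are illustrative.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (stat -c); names are illustrative.
# check_key_path FILE [STOP_DIR] [UID]
# Walks from FILE up to STOP_DIR (default /) and prints one line per path
# component. Returns 0 if every component passes, 1 otherwise.
check_key_path() {
    path=$1
    stop=${2:-/}
    want_uid=${3:-$(id -u)}
    rc=0
    # Resolve symlinks so the walk climbs the real parent directories.
    dir=$(cd "$(dirname "$path")" 2>/dev/null && pwd -P) || {
        echo "FAIL $path: parent directory not accessible"
        return 1
    }
    stop=$(cd "$stop" 2>/dev/null && pwd -P) || stop=/
    path=${dir%/}/$(basename "$path")
    while :; do
        if info=$(stat -L -c '%u %a' "$path" 2>/dev/null); then
            owner=${info% *}
            mode=${info#* }
            if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
                echo "FAIL $path: owned by uid $owner"
                rc=1
            elif [ $(( 0$mode & 022 )) -ne 0 ]; then
                # Octal 022 = write bits for group and other.
                echo "FAIL $path: mode $mode is group/world-writable"
                rc=1
            else
                echo "ok   $path (mode $mode, uid $owner)"
            fi
        else
            echo "FAIL $path: cannot stat"
            rc=1
        fi
        case $path in "$stop"|/) break ;; esac
        path=$(dirname "$path")
    done
    return $rc
}

# Usage on the server, as root:
#   check_key_path /root/.ssh/authorized_keys
```

Run it for both the working user account and root and compare the output; the first FAIL line names the component to fix.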


