Unable to authenticate after upgrading
From: Steve (sbassle_at_alleghenyenergy.com)
Date: 11/21/05
Date: 21 Nov 2005 05:35:46 -0800
I just finished upgrading an AIX server from 5.1.03 to 5.3.01. I also
upgraded OpenSSH from 3.8p1 (I think), compiled locally, to 4.1p1,
downloaded from IBM's "OpenSSH on AIX" Sourceforge site. I kept the
same options in the ssh*_config files and copied the host keys from the
old location (/usr/local/etc) to the new (/etc/ssh). All users kept
their .ssh directories.
I have one account that I set up several months ago with a DSA key
pair, no passphrase, for running a batch job from another server - scp
followed by ssh with remote command execution. If it matters, it's a
ksh cgi-bin script run under an Apache web server as "nobody",
connecting to the "acsss" account on an ACSLS server. It worked before
the upgrade but is broken now. I see the following error in the syslog
when the script tries to run, and SSH drops back to asking me for the
remote account's password.
Nov 20 02:19:07 <server_name> sshd[9814]: Authentication refused: realpath /export/home/ACSSS/.ssh/authorized_keys failed: Permission denied
Here is the ssh invocation:
ssh -i /.ssh/id_dsa acsss@<server_name> <script_name>
(Yes, the key file is in root's ssh directory, but / is also "nobody"'s
home directory, the key file is owned by "nobody", "nobody" has read
access to the directory, and most importantly, it worked before. I've
also run the command as root, with the same results, and running with
the -vvv verbose option shows that the key is sent and rejected, so I
don't think it's a problem on the sending side.)
Here are the relevant authorized_keys file and directory permissions:
#ls -ld /export /export/home /export/home/ACSSS \
/export/home/ACSSS/.ssh/ /export/home/ACSSS/.ssh/authorized_keys
drwxr-xr-x 4 root system 512 Nov 17 21:11 /export
drwxr-xr-x 6 sys sys 512 Dec 14 2004 /export/home
drwxr-x--- 15 acsss staff 1024 Nov 17 22:15 /export/home/ACSSS
drwxr-x--- 2 acsss staff 512 Nov 18 16:33 /export/home/ACSSS/.ssh/
-rw-r----- 1 acsss staff 215 Nov 18 15:56 /export/home/ACSSS/.ssh/authorized_keys
I have no problem logging in myself. Here are my file/directory
permissions:
#ls -ld /home /home/<my_id> /home/<my_id>/.ssh \
/home/<my_id>/.ssh/authorized_keys
drwxr-xr-x 31 root system 512 Nov 18 09:25 /home
drwxr-x--- 4 <my_id> staff 512 Nov 21 07:34 /home/<my_id>
drwxr-x--- 2 <my_id> staff 512 Aug 29 2003 /home/<my_id>/.ssh
-rw-r----- 1 <my_id> staff 290 Oct 12 2001 /home/<my_id>/.ssh/authorized_keys
I generated and tried a protocol 2 RSA key, but it shows the same
problem. What does this error mean, or how can I get more detail?
Note: I can't see how it would make a difference, but somehow during
the AIX upgrade the /export/home mount point was lost. I recreated it
with a simple mkdir and the filesystem mounted successfully. Could the
mount point permissions be a problem, even though they're masked once
the filesystem is mounted?
Thanks,
Steve
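
Added example (not part of the original post, and not OpenSSH code): one way to get more detail on a "Permission denied" while resolving a path such as the authorized_keys file above is to walk every component and report where a given uid and group set lacks search or read permission. The function names, the demo tree and the fault it introduces are constructed for illustration; only classic mode bits are checked, not ACLs.

```python
import os
import shutil
import tempfile

def allowed(st, uid, gids, want):
    """Classic owner/group/other check; want: 4 = read, 1 = search."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def path_denials(path, uid, gids):
    """(component, reason) for each mode-bit denial on the way to path."""
    chain, p = [], os.path.abspath(path)
    while True:
        chain.append(p)
        if os.path.dirname(p) == p:
            break
        p = os.path.dirname(p)
    chain.reverse()  # now ordered from / down to the file
    denials = []
    for i, comp in enumerate(chain):
        try:
            st = os.stat(comp)
        except OSError as exc:  # the caller itself cannot get further
            denials.append((comp, "stat failed: " + exc.strerror))
            break
        last = i == len(chain) - 1
        if not allowed(st, uid, gids, 4 if last else 1):
            denials.append((comp, "no read" if last else "no search (x)"))
    return denials

def demo():
    """Constructed tree shaped like the paths in the post."""
    base = tempfile.mkdtemp()
    ssh_dir = os.path.join(base, "export", "home", "ACSSS", ".ssh")
    os.makedirs(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    open(keys, "w").close()
    os.chmod(keys, 0o640)
    home = os.path.join(base, "export", "home")
    me, groups = os.getuid(), {os.getgid()}
    under = lambda ds: [d for d in ds if d[0].startswith(base)]
    before = under(path_denials(keys, me, groups))
    os.chmod(home, 0o600)  # constructed fault: search bit removed
    after = under(path_denials(keys, me, groups))
    os.chmod(home, 0o755)  # restore so the tree can be removed
    shutil.rmtree(base)
    return before, after, home

if __name__ == "__main__":
    print(demo())
```

On a real host, call path_denials() with the account's uid and group ids; running it as that account also surfaces "stat failed" entries that the visible mode bits do not explain.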