Date: Sat, 14 Sep 2019 16:51:33 +0200
From: Per Hedeland <per@hedeland.org>
To: MJ <mafsys1234@gmail.com>
Cc: Aryeh Friedman <aryeh.friedman@gmail.com>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: OT: My ssh authorized_keys doesn't work with nfs/nis
Message-ID: <da443b4e-c08f-32f3-30a0-ec06ecb8f656@hedeland.org>
In-Reply-To: <d4aabe5a-65ca-ce95-e409-2a0a5b1de36b@gmail.com>
References: <CAGBxaXkVQNE6deyWs9JXh9vqmKz8tLc9HfqC8ZmBLrK2jv7p3A@mail.gmail.com> <99038e82-9643-cbe8-63d7-e3a04ada43b5@gmail.com> <CAGBxaXmhLmFMFt9tj%2B8fbybi-XNujQjui1xjMnS53eFX_GRZYA@mail.gmail.com> <d4aabe5a-65ca-ce95-e409-2a0a5b1de36b@gmail.com>

On 2019-09-14 15:26, MJ wrote:
> Well it's great to see that extra debugging information totally missed it.

The bad permissions were a security problem on the server - it
*shouldn't* be reported to a client, even when it is run with -vvv. It
is possible though a bit tricky to run the *server* with debugging, that
may have revealed the problem.

Hm, actually I tried the scenario *without* any debugging now, and in
the server's /var/log/auth.log I found:

Sep 14 16:41:58 pluto sshd[7708]: Authentication refused: bad ownership or modes for directory /home/per

FreeBSD 12.0-RELEASE, OpenSSH_7.8p1 (in base). And I got the exact same
result with a server running 10.3-RELEASE, OpenSSH_7.2p2.

--Per

> :-P
>
>
> On 14/09/2019 11:24 pm, Aryeh Friedman wrote:
>> Problem solved, it turned out to be really simple: the home dir was 777
>> when the widest ssh wants it is 755 (all the permissions I was looking at
>> before were the .ssh dir, not the home dir)
>>
>> On Sat, Sep 14, 2019 at 9:22 AM MJ <mafsys1234@gmail.com> wrote:
>>
>>>
>>> On 14/09/2019 5:39 pm, Aryeh Friedman wrote:
>>>> My ~/.ssh/authorized_keys file works fine on a machine that is not in my
>>>> NIS domain but when I copy my id_rsa.pub (which is what I did to create
>>>> the non-NIS authorized_keys) to my NIS account and give it the same
>>>> permissions as the working machine it insists on asking for a password.
>>>>
>>>> ssh faraway (non-NIS machine)
>>>> does not ask for a password
>>>> but
>>>> ssh nearby (NIS machine) does
>>>>
>>>> Both have identical authorized keys and both (and their parent dirs) are
>>>> set to 644. Both machines are FreeBSD 11 and the machine doing the ssh
>>>> call is FreeBSD 12
>>>>
>>> Well in desperation I guess you could:
>>>
>>> Nuke the dud server's authorized_keys
>>> Use "ssh-copy-id -i /your/path/to/key aryeh@nearby" to copy your pub key
>>> to the dud server.
>>> Test with "ssh -i /your/path/to/key -vv aryeh@nearby"
>>>
>>> Cheers
>>> Mark.
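
Added example, not part of the original message and not OpenSSH's own code: a Python approximation of the ownership and mode check sshd applies when StrictModes is enabled, walking from authorized_keys up to the home directory and reporting problems in the wording of the auth.log line quoted above. The function name, its parameters and the collect-every-finding behaviour are assumptions of this sketch; sshd itself refuses at the first failure.

```python
import os
import stat


def strictmodes_findings(home, uid, rel_path=".ssh/authorized_keys"):
    """Return problems sshd's StrictModes check would object to (approximation)."""
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, rel_path))
    findings = []

    def unsafe(st):
        # Owner must be the user or root, and no group/world write bit (mask 022).
        # Mode 755 passes, mode 777 (the case in this thread) does not.
        return st.st_uid not in (0, uid) or (st.st_mode & 0o022) != 0

    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path} does not exist"]
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path} is not a regular file")
    elif unsafe(st):
        findings.append(f"bad ownership or modes for file {path}")

    # Walk upward from the key file's directory; the home directory is the
    # last component checked, so /home or /tmp above it is never examined.
    current = os.path.dirname(path)
    while True:
        if unsafe(os.stat(current)):
            findings.append(f"bad ownership or modes for directory {current}")
        parent = os.path.dirname(current)
        if current == home or parent == current:
            break
        current = parent
    return findings


if __name__ == "__main__":
    import pwd

    # Audit the invoking user's own account on the server side.
    me = pwd.getpwuid(os.getuid())
    for line in strictmodes_findings(me.pw_dir, me.pw_uid) or ["no findings"]:
        print(line)
```

Run it on the server as the affected user; on an NFS-mounted home the result reflects the ownership and modes as the server sees them, which is what sshd evaluates.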