Kyle R. Burton on 21 Jul 2010 08:12:55 -0700


Re: [PLUG] Problems with password-less SSH - SOLVED

  • From: "Kyle R. Burton" <>
  • To: "Philadelphia Linux User's Group Discussion List" <>
  • Subject: Re: [PLUG] Problems with password-less SSH - SOLVED
  • Date: Wed, 21 Jul 2010 11:12:49 -0400
  • Reply-to: Philadelphia Linux User's Group Discussion List <>

> Jul 21 09:55:55 phaserv1 sshd[17334]: Authentication refused: bad ownership
> or modes for directory /ftp-area/FileCollector
> All the home folders come under the /ftp-area for this server. And all have
> group W permissions set (so that a job that executes as a specific user can
> go into each of those home folders and clean them up).
> So the perms were
> drwxrwxr-x  3 FileCollector FileCollector 4096 Jul 21 08:56 FileCollector
> That was it - removing the group WRITE permission allowed SSH to work. So it
> was a permissions issue, after all. Just not on the .ssh directory, or the
> authorized_keys file ...

Awesome that you found it!

> Now, supposing I need that account to have group WRITE permissions (for
> whatever reason), how would I have told SSH to disregard the perms on the
> home folder? I ask for future reference only.

I think I'd make a group writable sub-directory instead (configure
your ftp server to point into there - or whatever software needs
access to the writable spot).  ssh needs strong perms on all the
directories leading up to and including the .ssh directory and its
contents - if they're not strong, then someone can potentially move
(rename) the directory and substitute an alternate.


Twitter: @kyleburton
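
An added illustration, not part of the original message or of OpenSSH's code: a Python audit that approximates the ownership and mode check behind the "bad ownership or modes" log line, walking from authorized_keys up to the home directory. The function names, the `incoming` sub-directory and the temporary tree are constructed for the demo; the tree mirrors the drwxrwxr-x home from the thread and the group-writable sub-directory suggested in the reply.

```python
import os
import stat
import tempfile

def insecure_components(authorized_keys, home, uid):
    """Return [(path, reason)] for each path component a strict check would reject."""
    problems = []
    home = os.path.realpath(home)
    path = os.path.realpath(authorized_keys)
    while True:
        st = os.stat(path)
        # Owner must be root or the account itself.
        if st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
        # Nobody but the owner may be able to rename or replace entries.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "group/world writable: %s" % stat.filemode(st.st_mode)))
        parent = os.path.dirname(path)
        if path == home or parent == path:  # stop at home (or filesystem root)
            break
        path = parent
    return problems

def build_demo_home(home_mode):
    """Constructed sample tree: home, .ssh/authorized_keys, and a shared incoming/."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "FileCollector")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    open(keys, "w").close()
    incoming = os.path.join(home, "incoming")  # hypothetical shared drop directory
    os.mkdir(incoming)
    os.chmod(keys, 0o600)
    os.chmod(ssh_dir, 0o700)
    os.chmod(incoming, 0o775)  # group-writable, but not on the path to .ssh
    os.chmod(home, home_mode)
    return home, keys

if __name__ == "__main__":
    for mode in (0o775, 0o755):  # the mode from the thread, then the corrected one
        home, keys = build_demo_home(mode)
        print(oct(mode), insecure_components(keys, home, os.getuid()))
```

The group-writable `incoming` directory never shows up in the findings because it is not an ancestor of `.ssh`, which is why moving the shared write access into a sub-directory keeps key authentication working.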