Kyle R. Burton on 21 Jul 2010 08:12:55 -0700



Re: [PLUG] Problems with password-less SSH - SOLVED

  • From: "Kyle R. Burton" <kyle.burton@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Problems with password-less SSH - SOLVED
  • Date: Wed, 21 Jul 2010 11:12:49 -0400
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

> Jul 21 09:55:55 phaserv1 sshd[17334]: Authentication refused: bad ownership
> or modes for directory /ftp-area/FileCollector
>
> All the home folders come under the /ftp-area for this server. And all have
> group W permissions set (so that a job that executes as a specific user can
> go into each of those home folders and clean them up).
>
> So the perms were
>
> drwxrwxr-x  3 FileCollector FileCollector 4096 Jul 21 08:56 FileCollector
>
> That was it - removing the group WRITE permission allowed SSH to work. So it
> was a permissions issue, after all. Just not on the .ssh directory, or the
> authorized_keys file ...

Awesome that you found it!

> Now, supposing I need that account to have group WRITE permissions (for
> whatever reason), how would I have told SSH to disregard the perms on the
> home folder? I ask for future reference only.

I think I'd make a group writable sub-directory instead (configure
your ftp server to point into there - or whatever software needs
access to the writable spot).  ssh needs strong perms on all the
directories leading up to and including the .ssh directory and its
contents - if they're not strong, then someone can potentially move
(rename) the directory and substitute an alternate.


Kyle

-- 
Twitter: @kyleburton
Blog: http://asymmetrical-view.com/
Fun: http://snapclean.me/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
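
The check discussed in this message, as an added example (not part of the original post and not OpenSSH's own code): a shell function that flags a home directory, its .ssh directory, or its authorized_keys file when any of them is writable by group or other, or is owned by someone other than the account or root, which is the condition behind the "bad ownership or modes" log line quoted above. The function name `check_ssh_perms` and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode test that sshd applies
# when StrictModes is enabled. Hypothetical helper, not sshd code.
#
# check_ssh_perms HOME_DIR [UID]
#   Prints each offending path; returns 1 if any was flagged, 0 otherwise.
#   e.g. check_ssh_perms /ftp-area/FileCollector "$(id -u FileCollector)"
check_ssh_perms() {
    home=$1
    want_uid=${2:-$(id -u)}   # assumption: default to the calling user
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -d: the entry itself, -n: numeric ids, -L: follow symlinks
        info=$(ls -ldnL -- "$p")
        mode=${info%% *}
        uid=$(printf '%s\n' "$info" | awk '{print $3}')
        # Character 6 of the mode string is group write, character 9 is
        # other write (drwxrwxr-x has a "w" in position 6).
        case $mode in
            ?????w*|????????w*)
                echo "writable by group/other: $mode $p"
                bad=1 ;;
        esac
        # Owner must be the account itself or root.
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "unexpected owner uid $uid: $p"
            bad=1
        fi
    done
    return "$bad"
}
```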