Andrew Sackville-West([EMAIL PROTECTED]) is reported to have said:
> On Wed, Sep 19, 2007 at 01:42:48PM -0400, Wayne Topa wrote:
> > ...
> >
> > I agree Andrew. Other than reading the mail today I am going to be
> > looking into the problem, as it was, to see if I can figure out
> > exactly, why the problem occurred and what package the bug report
> > should be filed against.
> >
>
> well it's interesting that it cares what the parent directory perms are
> (from your other mail in this thread). I would think the .ssh
> directory would be sufficient. I'm not sure where to report the
> problem as well. Things that occur to me: does ssh-copy-id assume that
> /home/$USER has the correct perms without checking?

It must, as I used ssh-copy-id to send the public key from 5 boxes to
the 3 accounts on the server, including the one with the bad perms.
It did not throw any errors.

>
> if so, on what is
> that assumption based and who sets that perm (adduser perhaps?)?
> That's where I see the breakdown. Either ssh-copy-id isn't doing a
> sufficient job of checking or its assumptions are faulty.

You are correct Douglas. I just did the following:

1. Moved the ~USER/.ssh file to good.ssh, on the server
2. Changed the perms on /home/USER to 770
3. On the AND64 box did
   ssh-copy-id -i .ssh/id_dsa.pub server (not [EMAIL PROTECTED])
   Replied with password when asked. Then ssh'ed to server as asked.
   Was asked for password and connected when PW supplied.
4. Repeated the above but with
   ssh-copy-id -i .ssh/id_dsa.pub [EMAIL PROTECTED]
   The results were the same as above.

Note: The perms on the .ssh dir and the authorized_keys file created
by ssh-copy-id were correct, 600.

ssh-copy-id does not check (care) about perms of /home/USER. I don't
know if that should be called a bug though, as ssh still works, just
not in password-less mode. I do think that a mention should be
included in one of the man pages.

A Wish-list for a note about the perms of ~/home/use being included in
the ssh and/or ssh-copy-id man pages would be sufficient, I would
think.

Wayne

--
Plug-and-Play is really nice, unfortunately it only works 50% of the time.
To be specific the "Plug" almost always works. --unknown source
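
As an added example (not part of the original message and not OpenSSH code): a check to run on the server, as the account, after ssh-copy-id, covering the home directory that ssh-copy-id does not look at. It assumes sshd's default StrictModes rule, that each path must be owned by the user or root and must not be group- or world-writable; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Pre-flight check for key-based SSH login: home dir, ~/.ssh, authorized_keys."""
import os
import stat
import sys


def check_path(path, uid):
    """Return the problems that would make a StrictModes-style check reject path."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    problems = []
    # Assumed rule: the owner must be the account itself or root.
    if st.st_uid not in (uid, 0):
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid} or 0")
    # Assumed rule: no group or world write bit (mode & 022 must be zero).
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: mode {mode:03o} is group/world writable")
    return problems


def check_account(home, uid):
    """Check the home directory, ~/.ssh and authorized_keys, in that order."""
    ssh_dir = os.path.join(home, ".ssh")
    chain = [home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")]
    problems = []
    for path in chain:
        problems.extend(check_path(path, uid))
    return problems


if __name__ == "__main__":
    # Default: the invoking user's own home; a different home may be passed as argv[1].
    home = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    found = check_account(home, os.getuid())
    for line in found:
        print(line)
    if not found:
        print(f"{home}: home, .ssh and authorized_keys pass the permission check")
    sys.exit(1 if found else 0)
```

With the home directory at 770, as in step 2 of the test above, the script reports the home directory while .ssh and authorized_keys pass.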