On Thu, 2011-10-20 at 23:40 -0600, Bob Proulx wrote: > Joao Ferreira Gmail wrote: > > a) user jane on one system transfers her public DSA key to account john > > at a given remote host. it works. jane accesses john's account without > > typing a password. > > > > b) now the same user jane transfers her public DSA key to account mary > > at the _same_ remote host. it does not work. she get's prompted for a > > passord (she get's access by typing mary's password) > > > > my guess is that there must be some difference between john and mary > > accounts. I can not realise what it is (shell is bash on both). > > Usually people trip over permissions being too open. Assuming you are > using /home try this to look at the permissions. > > $ ls -ld /home /home/mary /home/mary/.ssh /home/mary/.ssh/authorized_keys > drwxr-xr-x 9 root root 4096 Feb 28 2011 /home > drwxr-xr-x 126 mary mary 16384 Oct 20 23:17 /home/mary > drwx------ 2 mary mary 4096 Sep 29 18:31 /home/mary/.ssh > -rw-r--r-- 1 mary mary 809 Oct 28 2010 /home/mary/.ssh/authorized_keys >
:) bull's eye :) /home/mary was 775. changed it to 755 and it immediately worked. Thank you João > All of those directories should be writable only by the owner and the > owner should be mary. The typical problem is that people will have > one of those files to be group writable. In that case sshd refuses > the authorized_keys file due to the possibility that another user can > write to the file. > > > Please find bellow the output of "ssh -vvv ...." for both situations. > > The verbose output of the sshd would be more helpful. Easiest to run > it on another port temporarily. > > # /usr/sbin/sshd -d -p 2222 > > And then try to log into it on that other port. > > jane@localhost:~$ ssh -p 2222 localhost > > You might see an error like this one on the sshd server debug side: > > Authentication refused: bad ownership or modes for directory /home/mary > > Bob -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1319187918.2430.4.ca...@wheejy.critical.pt
