On Tue, Jan 1, 2013 at 8:19 AM, Glenn English <g...@slsware.com> wrote:
>
> On Dec 31, 2012, at 12:58 PM, Bob Proulx wrote:
>
> > Thore wrote:
> >> but there are still some problems.
> >> Mostly I login as root,
> >> so i had to use the .ssh directory in the /root folder and put my
> >> generated public key in the authorized_keys folder.
> >> But it didn't works.
>
> ssh is very touchy about root logins. That may be the trouble.
>
> I've never used putty, but there may be something in its config that needs
> to be changed from the default to allow it to try a root login.
>
> I know for sure there are defaults to be changed in sshd_config. There's a
> "PermitRootLogin" parameter. Its default has been "no" everywhere I've
> seen. But it can be changed to "yes", or to
> allow_root_login_with_key_authentication_only ("without-password").
>
> There's also a "AllowUsers" list of users allowed to log in in sshd_config
> that may be causing trouble.
>
> > The typical reason this does not work is because the file permission
> > is incorrect. What is the output of (example from my system):
> >
> > # ls -ld / /root /root/.ssh /root/.ssh/authorized_keys | cat
> > drwxr-xr-x 25 root root 4096 Dec 3 12:51 /
> > drwxr-xr-x 20 root root 4096 Dec 2 15:33 /root
> > drwx------ 2 root root 4096 Oct 29 2011 /root/.ssh
> > -rw-r----- 1 root root 1440 Oct 29 2011 /root/.ssh/authorized_keys
> >
> > If any of those are group or world writable then sshd will refuse the
> > file. Also look in /var/log/auth.log and /var/log/syslog too.
>
> That's right, but I'd remove any non-owner permissions from the files
> (already done for /root/.ssh). Inside the directory, consider owner rw only.
>
> --
> Glenn English
>
> This is correct, the main reason for this not working is if the key files
and/or authorized_keys file have wrong (too loose) permissions ie they are
world readable.
