permissions issue with sshd
permissions issue with sshd - Mar. 17, '06, 10:56:56 AM
kyley
Posts: 11
Joined: Nov. 16, '04,
Status: offline
i've got 2 servers that i've installed Windows 2003 R2 on, and then the opensshd package. same configuration for both servers. to server 1 i can perform a passwordless ssh; to server 2 i cannot.
running sshd in debug mode i get:
bash-3.00$ /etc/init.d/sshd stop
sshd stopped
bash-3.00$ /usr/local/sbin/sshd -d
debug1: sshd version InteropSecShell_4.2p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-d'
sshd started version InteropSecShell_4.2
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
sshd started version InteropSecShell_4.2
debug1: inetd sockets after dupping: 3, 3
Connection from 10.216.179.42 port 1023
debug1: Client protocol version 1.5; client software version 1.2.27
debug1: no match: 1.2.27
debug1: Local version string SSH-1.99-InteropSecShell_4.2
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for username.
debug1: temporarily_use_uid: 1139216/1049089 (e=0/197121)
debug1: trying public RSA key file /dev/fs/C/homes/username/.ssh/authorized_keys
debug1: restore_uid: 0/197121
Failed rsa for username from 10.216.179.42 port 1023
Connection closed by 10.216.179.42
debug1: do_cleanup
bash-3.00$
on the client system i see
client1m:/ $ ssh -v username@server2
SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
client1: Reading configuration data /home/username/.ssh/config
client1: Reading configuration data /etc/ssh_config
client1: ssh_connect: getuid 25400 geteuid 0 anon 0
client1: Connecting to server2 [10.248.156.31] port 22.
client1: Allocated local port 1023.
client1: Connection established.
client1: Remote protocol version 1.99, remote software version InteropSecShell_4.2
client1: Waiting for server public key.
client1: Received server public key (768 bits) and host key (1024 bits).
client1: Host 'server2' is known and matches the host key
client1: Initializing random; seed file /home/username/.ssh/random_seed
client1: IDEA not supported, using 3des instead.
client1: Encryption type: 3des
client1: Sent encrypted session key.
client1: Installing crc compensation attack detector.
client1: Received encrypted confirmation.
client1: No agent.
client1: Trying RSA authentication with key 'username@client1'
client1: Server refused our key.
Permission denied.
client1:/ $
when i attempt to ssh into the other server it accepts the RSA key for the client and allows me in. i've got the same sshd_config and authorized_keys files on both servers. and the permissions on the username home dir, .ssh, and authorized_keys files are the same. any ideas for what else to check?
RE: permissions issue with sshd - Mar. 17, '06, 11:13:00 AM
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
On which machine, for each of the users, is the user home directory?
RE: permissions issue with sshd - Mar. 17, '06, 11:15:36 AM
kyley
each of the servers has a local home directory in /dev/fs/C/homes/username. there is a symlink /homes to /dev/fs/C/homes
the client system is /home/username
i should probably add that the client system is redhat 7.2 for what that is worth
-kyley
RE: permissions issue with sshd - Mar. 17, '06, 11:26:34 AM
Rodney
Let's see what the permissions are for the SSH directory and its
contents for the user to be logged in on the Interix box. And the user's
full identity:
ls -ld ~/.ssh
ls -l ~/.ssh
id -D
If you can show this output please.
RE: permissions issue with sshd - Mar. 17, '06, 11:32:04 AM
kyley
i've pm'd you the information you requested.
-kyley
RE: permissions issue with sshd - Mar. 17, '06, 12:00:07 PM
Rodney
thanks
RE: permissions issue with sshd - Mar. 17, '06, 12:05:58 PM
Rodney
That info looks fine.
Have you looked at the logs yet?
See what info is in /var/adm/log/messages from the server.
Anything?
I forgot to ask before, can you make the connection successfully using a password?
RE: permissions issue with sshd - Mar. 17, '06, 12:12:51 PM
kyley
the messages log just says that the user failed RSA and the connection was closed. i can indeed log in using the account password
-kyley
RE: permissions issue with sshd - Mar. 17, '06, 12:59:56 PM
Rodney
hmmm, okay.
So the server itself is running fine and you can login by password.
The SSH files look fine for location and permissions.
I have to ask the obvious question then, have you verified the key generated
from the server side was correctly copied to the client .ssh/authorized_keys file?
Have you tried regenerating it?
RE: permissions issue with sshd - Mar. 17, '06, 1:32:08 PM
kyley
i haven't regenerated it. however, it's the same keyfile that was published to the 2 servers, the one that works and the one that doesn't.
RE: permissions issue with sshd - Mar. 17, '06, 2:10:21 PM
Rodney
Just to be sure, on the Interix machine you ran "ssh-keygen -t rsa"
as the user getting logged in and then copied this into the
authorized_keys file on the client.
If the server keys ever get regenerated then all of the client keys need to
get regenerated too.
RE: permissions issue with sshd - Mar. 17, '06, 5:34:58 PM
kyley
tried to generate new keys, both rsa and rsa1. in both cases i got a failure on the public keys and then a prompt to enter a password.
RE: permissions issue with sshd - Mar. 17, '06, 6:24:17 PM
Rodney
Everything keeps looking like things are set right.
There's something "easy" that isn't set right.
For the user logging in: you set the home directory in the user database, right?
When you do "finger <username>" you see the matching home directory in the output
to what you think it should be for the user? (not "/").
RE: permissions issue with sshd - Mar. 17, '06, 7:05:51 PM
kyley
yes, finger shows the path to the local home directory where we have the .ssh keys. i agree, this *should* be working, but it's not. one thing i did do was install the SUA and sshd package logged in as the local administrator. i've checked the setuid, and that is turned on. i'm just not sure why the permission failure is occurring.
RE: permissions issue with sshd - Mar. 20, '06, 12:56:54 PM
kyley
i'm at a loss here, any other things you might suggest to take a look at or try?
-kyley
RE: permissions issue with sshd - Mar. 20, '06, 1:23:12 PM
Rodney
> i'm at a loss here, any other things you might suggest to take a look at or try?
It must be something "dumb-obvious" because it's so close to working (and does work on many other systems).
The home directory is fine, the ".ssh" directory and content are permission fine, your key is fine.
I think I assumed you'd tried a reboot, did you?
Does the daemon show itself as running as uid 197108 ? ("ps -Aln | grep sshd")
RE: permissions issue with sshd - Mar. 20, '06, 1:39:51 PM
kyley
yep, have rebooted multiple times throughout the troubleshooting.
% ps -Aln | grep sshd
Ss 197108 1937 1 2 872 4a7d0502 - 0:00.36 sshd
%
could there be a problem with the permissions around the forking that occurs when someone attempts to login via rsa keys?
RE: permissions issue with sshd - Mar. 20, '06, 2:51:36 PM
Rodney
The daemon is running as the right user (197108).
The forking has nothing to do with it.
Way back up in this thread you showed the info from the server as:
> debug 1: Trying public RSA key file ...
> debug 1: restore_uid: 0/197121
which indicates that the daemon didn't like "something" about the file
(permissions, content). So it's the file permissions, directory perms
leading to the file or the file content.
You sent me file permissions before and they looked fine (same as what
is expected and should be on everyone's system). The immediate ".ssh"
directory was okay too. So one of the parent directories being too
restrictive?
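The checks named in the post above (permissions on the file, on ".ssh", and on every directory leading to them), as an added example that is not part of the original thread. The function names are hypothetical; the strict rule (no group/other write, owner is the user or uid 0, from authorized_keys up to the home directory) is stock OpenSSH StrictModes behaviour and is assumed to carry over to this Interix build; only mode bits are read, not group membership or Windows ACLs.

```shell
#!/bin/sh
# Added example (not from the thread). Verdicts come from the mode string
# printed by `ls -ldLn`; group membership and Windows ACLs are not considered.

# audit_component PATH UID STRICT -> prints OK, LOOSE, BADOWNER, NOSEARCH or MISSING
audit_component() {
    c_uid=$2 c_strict=$3
    c_line=$(ls -ldLn "$1" 2>/dev/null) || { echo MISSING; return 0; }
    set -f; set -- $c_line; set +f      # $1 = mode string, $3 = numeric owner
    c_mode=$1 c_owner=$3
    if [ "$c_strict" = 1 ]; then
        # Assumed StrictModes-style rule: no group/other write, owner is user or 0.
        case $c_mode in ?????w*|????????w*) echo LOOSE; return 0 ;; esac
        if [ "$c_owner" != "$c_uid" ] && [ "$c_owner" != 0 ]; then
            echo BADOWNER; return 0
        fi
    fi
    case $c_mode in
        d*) # Too restrictive: the user cannot search (traverse) this directory.
            if [ "$c_owner" = "$c_uid" ]; then c_pat='d??[xs]*'
            else c_pat='d????????[xt]*'; fi
            case $c_mode in $c_pat) ;; *) echo NOSEARCH; return 0 ;; esac ;;
    esac
    echo OK
}

# audit_key_path FILE HOME UID -> one line per component up to /; returns 1 on any finding
audit_key_path() {
    p=$1 p_home=$2 p_uid=$3 p_strict=1 p_rc=0
    while :; do
        p_verdict=$(audit_component "$p" "$p_uid" "$p_strict")
        printf '%-9s %s\n' "$p_verdict" "$p"
        [ "$p_verdict" = OK ] || p_rc=1
        [ "$p" = "$p_home" ] && p_strict=0   # above the home dir only search access matters
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
    return "$p_rc"
}

# Usage: sh audit.sh /dev/fs/C/homes/username/.ssh/authorized_keys \
#            /dev/fs/C/homes/username "$(id -u username)"
if [ $# -eq 3 ]; then audit_key_path "$@"; fi
```

Running it on both servers and comparing the two reports line by line shows any component whose mode or owner differs between the working and the failing machine.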
RE: permissions issue with sshd - Mar. 23, '06, 1:42:08 PM
kyley
i've gone back through and made sure the directory permissions are the same on both servers. a little tweaking did have to be done. I then verified that the 2 authorized_keys files are indeed the same, they are. still getting that same permissions error when trying passwordless. challenge/response entering a password works fine