permissions issue with sshd

 
permissions issue with sshd - Mar. 17, '06, 10:56:56 AM   
kyley

 

Posts: 11
Joined: Nov. 16, '04,
Status: offline
i've got 2 servers that i've installed Windows 2003 R2 on, and then the opensshd package. same configuration for both servers. to server 1 i can perform a passwordless ssh; to server 2 i cannot.

running sshd in debug mode i get:
bash-3.00$ /etc/init.d/sshd stop
sshd stopped
bash-3.00$ /usr/local/sbin/sshd -d
debug1: sshd version InteropSecShell_4.2p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-d'
sshd started version InteropSecShell_4.2
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
sshd started version InteropSecShell_4.2
debug1: inetd sockets after dupping: 3, 3
Connection from 10.216.179.42 port 1023
debug1: Client protocol version 1.5; client software version 1.2.27
debug1: no match: 1.2.27
debug1: Local version string SSH-1.99-InteropSecShell_4.2
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for username.
debug1: temporarily_use_uid: 1139216/1049089 (e=0/197121)
debug1: trying public RSA key file /dev/fs/C/homes/username/.ssh/authorized_keys
debug1: restore_uid: 0/197121
Failed rsa for username from 10.216.179.42 port 1023
Connection closed by 10.216.179.42
debug1: do_cleanup
bash-3.00$

on the client system i see

client1m:/ $ ssh -v username@server2
SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
client1: Reading configuration data /home/username/.ssh/config
client1: Reading configuration data /etc/ssh_config
client1: ssh_connect: getuid 25400 geteuid 0 anon 0
client1: Connecting to server2 [10.248.156.31] port 22.
client1: Allocated local port 1023.
client1: Connection established.
client1: Remote protocol version 1.99, remote software version InteropSecShell_4.2
client1: Waiting for server public key.
client1: Received server public key (768 bits) and host key (1024 bits).
client1: Host 'server2' is known and matches the host key
client1: Initializing random; seed file /home/username/.ssh/random_seed
client1: IDEA not supported, using 3des instead.
client1: Encryption type: 3des
client1: Sent encrypted session key.
client1: Installing crc compensation attack detector.
client1: Received encrypted confirmation.
client1: No agent.
client1: Trying RSA authentication with key 'username@client1'
client1: Server refused our key.
Permission denied.
client1:/ $

when i attempt to ssh into the other server it accepts the RSA key for the client and allows me in. i've got the same sshd_config and authorized_keys files on both servers. and the permissions on the username home dir, .ssh, and authorized_keys files are the same. any ideas for what else to check?
Post #: 1
RE: permissions issue with sshd - Mar. 17, '06, 11:13:00 AM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
On which machine, for each of the users, is the user home directory?

(in reply to kyley)
Post #: 2
RE: permissions issue with sshd - Mar. 17, '06, 11:15:36 AM   
kyley

 

each of the servers has a local home directory in /dev/fs/C/homes/username. there is a symlink /homes to /dev/fs/C/homes

the client system is /home/username

i should probably add that the client system is redhat 7.2 for what that is worth

-kyley

(in reply to Rodney)
Post #: 3
RE: permissions issue with sshd - Mar. 17, '06, 11:26:34 AM   
Rodney

 

Let's see what the permissions are for the SSH directory and its
contents for the user to be logged in on the Interix box. And the user's
full identity:
ls -ld ~/.ssh
ls -l ~/.ssh
id -D

If you can show this output please.

(in reply to kyley)
Post #: 4
RE: permissions issue with sshd - Mar. 17, '06, 11:32:04 AM   
kyley

 

i've pm'd you the information you requested.

-kyley

(in reply to Rodney)
Post #: 5
RE: permissions issue with sshd - Mar. 17, '06, 12:00:07 PM   
Rodney

 

thanks

(in reply to kyley)
Post #: 6
RE: permissions issue with sshd - Mar. 17, '06, 12:05:58 PM   
Rodney

 

That info looks fine.

Have you looked at the logs yet?
See what info is in /var/adm/log/messages from the server.
Anything?

I forgot to ask before, can you make the connection successfully using a password?

(in reply to Rodney)
Post #: 7
RE: permissions issue with sshd - Mar. 17, '06, 12:12:51 PM   
kyley

 

the messages log just says that the user failed RSA and the connection was closed. i can indeed log in using the account password

-kyley

(in reply to Rodney)
Post #: 8
RE: permissions issue with sshd - Mar. 17, '06, 12:59:56 PM   
Rodney

 

hmmm, okay.
So the server itself is running fine and you can login by password.
The SSH files look fine for location and permissions.
I have to ask the obvious question then, have you verified the key generated
from the server side was correctly copied to the client .ssh/authorized_keys file?
Have you tried regenerating it?

(in reply to kyley)
Post #: 9
RE: permissions issue with sshd - Mar. 17, '06, 1:32:08 PM   
kyley

 

i haven't regenerated it. however, it's the same keyfile that was published to the 2 servers, the one that works and the one that doesn't.

(in reply to Rodney)
Post #: 10
RE: permissions issue with sshd - Mar. 17, '06, 2:10:21 PM   
Rodney

 

Just to be sure, on the Interix machine you ran "ssh-keygen -t rsa"
as the user being logged in and then copied this into the
authorized_keys file on the client.

If the server keys ever get regenerated then all of the client keys need to
get regenerated too.

(in reply to kyley)
Post #: 11
RE: permissions issue with sshd - Mar. 17, '06, 5:34:58 PM   
kyley

 

tried to generate new keys, both rsa and rsa1. in both cases i got a failure on the public keys and then a prompt to enter a password.

(in reply to Rodney)
Post #: 12
RE: permissions issue with sshd - Mar. 17, '06, 6:24:17 PM   
Rodney

 

Everything keeps looking like things are set right.
There's something "easy" that isn't set right.
For the user logging in: you set the home directory in the user database, right?
When you do "finger <username>" you see the matching home directory in the output
to what you think it should be for the user? (not "/").

(in reply to kyley)
Post #: 13
RE: permissions issue with sshd - Mar. 17, '06, 7:05:51 PM   
kyley

 

yes, finger shows the path to the local home directory where we have the .ssh keys. i agree, this *should* be working, but it's not. one thing i did do was install the SUA and sshd package logged in as the local administrator. i've checked the setuid, and that is turned on. i'm just not sure why the permission failure is occurring.

(in reply to Rodney)
Post #: 14
RE: permissions issue with sshd - Mar. 20, '06, 12:56:54 PM   
kyley

 

i'm at a loss here, any other things you might suggest to take a look at or try?

-kyley

(in reply to kyley)
Post #: 15
RE: permissions issue with sshd - Mar. 20, '06, 1:23:12 PM   
Rodney

 

> i'm at a loss here, any other things you might suggest to take a look at or try?

It must be something "dumb-obvious" because it's so close to working (and does work on many other systems).

The home directory is fine, the ".ssh" directory and content are permission fine, your key is fine.
I think I assumed you'd tried a reboot, did you?
Does the daemon show itself as running as uid 197108 ? ("ps -Aln | grep sshd")

(in reply to kyley)
Post #: 16
RE: permissions issue with sshd - Mar. 20, '06, 1:39:51 PM   
kyley

 

yep, have rebooted multiple times throughout the troubleshooting.

% ps -Aln | grep sshd
Ss 197108 1937 1 2 872 4a7d0502 - 0:00.36 sshd
%

could there be a problem with the permissions around the forking that occurs when someone attempts to login via rsa keys?

(in reply to Rodney)
Post #: 17
RE: permissions issue with sshd - Mar. 20, '06, 2:51:36 PM   
Rodney

 

The daemon is running as the right user (197108).

The forking has nothing to do with it.
Way back up in this thread you showed the info from the server as:
> debug 1: Trying public RSA key file ...
> debug 1: restore_uid: 0/197121

which indicates that the daemon didn't like "something" about the file
(permissions, content). So it's the file permissions, directory perms
leading to the file or the file content.

You sent me file permissions before and they looked fine (same as what
is expected and should be on everyone's system). The immediate ".ssh"
directory was okay too. So one of the parent directories being too
restrictive?

(in reply to kyley)
Post #: 18
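
The diagnosis in the post above narrows the refusal to the key file's permissions, the directories leading to it, or its content. As an added example (not part of the thread and not code from the Interix sshd package), this POSIX sh function walks from authorized_keys up to the home directory and flags what an OpenSSH StrictModes-style check rejects, plus components the user cannot search or read. The function name, its arguments and the trusted-uid default of 0 are assumptions.

```sh
#!/bin/sh
# Added example: audit the path sshd must traverse to read authorized_keys.
# Run it as the login user on the server; -r/-x below test the caller's access.

# audit_key_path FILE HOME_DIR USER_UID [TRUSTED_UID]
# TRUSTED_UID defaults to 0 (assumption: the platform's privileged uid).
# Prints one line per path component; returns 1 if any component is flagged.
audit_key_path() {
    p=$1 home=$2 uid=$3 trusted=${4:-0} bad=0
    while :; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            return 1
        fi
        # "ls -ldn" prints: <mode> <links> <numeric uid> <numeric gid> ...
        set -- $(ls -ldn -- "$p")
        mode=$1 owner=$3 why=
        # StrictModes-style rule: owned by the user or the trusted uid,
        # and not writable by group or others.
        [ "$owner" = "$uid" ] || [ "$owner" = "$trusted" ] || why=" owner=$owner"
        case $mode in ?????w*) why="$why group-writable" ;; esac
        case $mode in ????????w*) why="$why world-writable" ;; esac
        # The "too restrictive" case: the user must be able to search each
        # directory and read the key file itself.
        if [ -d "$p" ]; then
            [ -x "$p" ] || why="$why not-searchable"
        else
            [ -r "$p" ] || why="$why not-readable"
        fi
        if [ -n "$why" ]; then
            echo "BAD $mode uid=$owner $p:$why"
            bad=1
        else
            echo "ok  $mode uid=$owner $p"
        fi
        # Stop after the home directory (or at / or . for odd input).
        case $p in "$home"|/|.) break ;; esac
        p=$(dirname "$p")
    done
    return $bad
}

# Usage: sh audit.sh /dev/fs/C/homes/username/.ssh/authorized_keys /dev/fs/C/homes/username
if [ $# -ge 2 ]; then
    audit_key_path "$1" "$2" "$(id -u)"
fi
```

Running it on both servers and diffing the two outputs shows which path component differs between the working and the failing machine.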
RE: permissions issue with sshd - Mar. 23, '06, 1:42:08 PM   
kyley

 

i've gone back through and made sure the directory permissions are the same on both servers. a little tweaking did have to be done. I then verified that the 2 authorized_keys files are indeed the same, they are. still getting that same permissions error when trying passwordless. challenge/response entering a password works fine

(in reply to Rodney)
Post #: 19