Re: sshd get path to authorized_keys file wrong


 



On Thursday 10 June 2010 20:32:50 Mike Williams wrote:
> On Thu, Jun 10, 2010 at 6:45 AM, Barry Scott <barry.scott@xxxxxxxxxxxx> wrote:
> > We are seeing an sshd_config that used to work on f12 failing on f13.
> >
> > When doing ssh root@host:
> > Jun 10 11:34:32 f12barry sshd[23030]: Failed publickey for root from 192.168.7.232 port 39169 ssh2
> >
> > Notice the public key file is //.ssh/authorized_keys.
> >
> > -------------------sshd_config--------------
> > Port 22
> 
> I have two suggestions and a couple comments for you.

This is a known bug with the openssh sources in F13.
There is a patched openssh that will hit updates soon.

> 1) comment out the line with AuthorizedKeysFile

The AuthorizedKeysFile line is not parsed correctly. It is always turned into
an abs path. This is the bug that the update will fix.

> 
>     In comparing your sshd_config with one from a working f13 system I
> noticed that I had that line commented out, when I uncommented I got a
> failure similar to what you mentioned.
> 
> 2) modify the AuthorizedKeysFile to match the line below (the %h
> causes sshd to look in $HOME/.ssh)
> 
> AuthorizedKeysFile      %h/.ssh/authorized_keys

I used:
  AuthorizedKeysFile      /%h/.ssh/authorized_keys

which works in spite of the bug.

> 
> Both of the above worked for me, after I broke the system by
> uncommenting the AuthorizedKeysFile line.
> 
> Your log lists port 39169, but the sshd_config you posted has Port
> 22 - I'm guessing what you posted as your sshd_config doesn't match
> what was in place when the log messages occurred.

That will be the client's port, not the server port.

> 
> I never allow root login, it just seems like asking for big trouble.
> I always set PermitRootLogin no and use sudo or su - as needed after
> logging in as a normal user, which seems much safer.

In general I agree, but in the case of the product this script
comes from it's not. The user can turn off SSH from the
product's web UI if they are concerned.

> Please post another message saying whether or not the
> AuthorizedKeysFile change(s) worked for you.

Done.

Barry
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
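
An added example, not part of the original thread: a small Python check that computes which key file a given AuthorizedKeysFile setting should resolve to, following the token rules documented in sshd_config(5) (%h, %u, %%, with relative paths taken from the user's home directory). It models the documented behaviour, not the F13 bug; the function names, the sample config and the user/home values are constructed for illustration, and Match blocks are not handled.

```python
import re

# Constructed sample config using the workaround line from the thread.
SAMPLE_CONFIG = """\
Port 22
#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile      /%h/.ssh/authorized_keys
"""

def expand_tokens(pattern, user, home):
    """Expand %h, %u and %% as documented in sshd_config(5)."""
    table = {"h": home, "u": user, "%": "%"}

    def sub(match):
        key = match.group(1)
        if key not in table:
            raise ValueError("token %" + key + " is not handled by this example")
        return table[key]

    return re.sub(r"%(.)", sub, pattern)

def resolve(pattern, user, home):
    """Return the path a correctly behaving sshd should look up."""
    path = expand_tokens(pattern, user, home)
    if not path.startswith("/"):
        # After expansion, a relative path is taken from the home directory.
        path = home + "/" + path
    # Linux treats repeated slashes as one, so //root/.ssh is /root/.ssh.
    return re.sub(r"/{2,}", "/", path)

def authorized_keys_paths(config_text, user, home):
    """Resolve the first active AuthorizedKeysFile line, else the default."""
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        fields = stripped.split()
        if fields[0].lower() == "authorizedkeysfile":
            # sshd uses the first value it obtains for a keyword.
            return [resolve(p, user, home) for p in fields[1:]]
    return [resolve(".ssh/authorized_keys", user, home)]

if __name__ == "__main__":
    for p in authorized_keys_paths(SAMPLE_CONFIG, "root", "/root"):
        print(p)
```

Comparing this expected path with the one sshd reports in its debug log shows whether the daemon is resolving the setting as documented.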

