"Rick Sewill wrote:"
> On 07/13/2010 01:43 PM, Kevin Fenzi wrote:
> > On Tue, 13 Jul 2010 11:16:46 -0700 (PDT)
> > David Highley <dhighley@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> >> New install of Fedora 13 we get the following /var/log/secure entry
> >> when we ssh from a Fedora 12 system to the Fedora 13 system:
> >> Authentication refused: bad ownership or modes for
> >> file /home/dhighley/.ssh/authorized_keys
> >>
> >> We have checked and tried different modes until we are blue in the
> >> face. Have read the updates notes for openssh and Fedora 13 release.
> >> Googled the net for known issues and bugzilla.redhat.com. We did check
> >> for selinux blocks and found none.
> >>
> >> User home directory is auto NFS mounted and we use NIS. This works
> >> Fedora 12 to Fedora 12.
> >
> > You may want to use 'ssh-copy-id' to copy the key over to the f13
> > system. That will set up the right permissions and such automatically
> > for you.

Where would I copy it if I'm using auto mounted home directories?

> >
> > Also, you will want to see if there are any selinux alerts on the f13
> > machine. 'ausearch -m avc -ts today' can list the ones from today.

See above, we did check for selinux denials. We also did a
restorecon -v -R .ssh just in case and nothing changed.

> >
> > kevin
> >
>
> I cannot explain how f12 <--> f12 works, but f12 <--> f13 does not.
> I can only guess there is something different for the NFS mount -or-
> something different regarding NIS.
>
> =====
>
> One possibility, which I consider very, very remote is the following.
>
> I may be wrong but I think the ownership and modes for all the parent
> directories from your /home/dhighley/.ssh directory also matter.

Directory .ssh has mode of 700.
File .ssh/authorized_keys has a mode of 600.
Home directory dhighley has a mode of 750.
All are owned by the user and the user's group.

>
> I assume you made sure /home/dhighley/.ssh is mode 700.
> What is the mode of /home/dhighley? Is it 755 (I think that's okay).
> I think any write mode for group or other would be bad.
> I assume /home/dhighley is owned by you, the user.
>
> What about /home? Who owns it? What is its mode?
> I think root must own it.
> I think only root should have write access to it.

Mode of /home is 755 and owned by root on the NFS server and the client
Fedora 13 system.

>
> I actually assume the ownership and modes are all correct...the
> possibility of this being the problem seems exceedingly rare to me, but
> please check.
>
> =====
>
> Another possibility, which I also consider remote, but is worth asking.
> On the f13 machine, when you log in as dhighley, is the user name only
> found in NIS? On occasion, if one is testing something new, one might
> put in a local account in the /etc/passwd file, and forget it is there.
> Depending on your /etc/nsswitch.conf file, the local file is probably
> checked before NIS.

There are no local user file entries on the Fedora 13 system.

>
> Sorry, can't think of anything else. Others have already mentioned selinux.

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
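
The ownership and mode checks discussed in this thread can be scripted. The following is an added example, not part of the original messages: it approximates the test sshd applies when StrictModes is enabled, walking from authorized_keys up to the home directory and flagging any path that is not owned by the user or root, or that is writable by group or other. The function name `check_strict_path` and the scratch tree are constructed for illustration; GNU `stat` and `readlink` are assumed.

```shell
#!/bin/sh
# Added example: approximates the owner/mode test behind sshd's StrictModes.
# Usage: check_strict_path FILE HOMEDIR USER_UID
# Prints one line per offending path. Status 0 = clean, 1 = would be refused,
# 2 = could not check. The body is a subshell, so "exit" only leaves the function.
check_strict_path() (
    path=$(readlink -f -- "$1") || exit 2
    home=$(readlink -f -- "$2") || exit 2
    uid=$3
    rc=0
    case "$path" in
        "$home"/*) ;;
        *) echo "not under home directory: $path"; exit 2 ;;
    esac
    while :; do
        owner=$(stat -c %u -- "$path") || exit 2
        mode=$(stat -c %a -- "$path") || exit 2
        # Owner must be the user or root.
        if [ "$owner" -ne 0 ] && [ "$owner" -ne "$uid" ]; then
            echo "bad owner (uid $owner): $path"; rc=1
        fi
        # 022 (octal) = write permission for group or other.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other writable (mode $mode): $path"; rc=1
        fi
        [ "$path" = "$home" ] && break
        path=$(dirname -- "$path")
    done
    exit "$rc"
)

# Constructed demo: a scratch tree with the modes reported in the thread.
demo() (
    t=$(mktemp -d) || exit 2
    mkdir -p "$t/home/dhighley/.ssh"
    : > "$t/home/dhighley/.ssh/authorized_keys"
    chmod 750 "$t/home/dhighley"
    chmod 700 "$t/home/dhighley/.ssh"
    chmod 600 "$t/home/dhighley/.ssh/authorized_keys"
    check_strict_path "$t/home/dhighley/.ssh/authorized_keys" "$t/home/dhighley" "$(id -u)"
    echo "750/700/600 -> status $?"
    chmod 770 "$t/home/dhighley"   # group-writable home directory
    check_strict_path "$t/home/dhighley/.ssh/authorized_keys" "$t/home/dhighley" "$(id -u)"
    echo "770/700/600 -> status $?"
    rm -rf "$t"
)
demo
```

Run the check on the machine that refuses the login, since the owner and mode that matter are the ones visible there through the NFS mount and NIS uid mapping.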