Re: sshd Authentication refused

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Rick Sewill wrote:"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> > 
> > The keys work except for ssh Fedora 12 -> Fedora 13. If you ssh
> > Fedora 13 -> Fedora 12 or ssh Fedora 12 -> Fedora 12 they work. If you
> > provide a password when sshing Fedora 13 -> Fedora 12 it works. Just
> > need to solve the issue of needing to provide a password.
> > 
> 
> I assume ssh Fedora 13 -> Fedora 13 works.

We only have one system running Fedora 13 so I'm not able to do this
test.

> 
> Could you compare the /etc/ssh/sshd_config file on Fedora 12 with the
> /etc/ssh/sshd_config file in Fedora 13?  Just guessing, but perhaps
> there is some option in the Fedora 13 sshd_config that needs tweaking.

Did this and only found comment differences.

> 
> I looked at http://www.openssh.org/faq.html
> The faq said,
> "3.14 - I copied my public key to authorized_keys but public-key
> authentication still doesn't work.
> 
> Typically this is caused by the file permissions on $HOME, $HOME/.ssh or
> $HOME/.ssh/authorized_keys being more permissive than sshd allows by
> default.

Yes, that would be an issue if we had done any copying, need to preserve
permissions and selinux acls.

> 
> In this case, it can be solved by executing the following on the server.
> 
>     $ chmod go-w $HOME $HOME/.ssh
>     $ chmod 600 $HOME/.ssh/authorized_keys $ chown `whoami`
> $HOME/.ssh/authorized_keys

Tried all of this before posting this query and still did not work.

> 
> If this is not possible for some reason, an alternative is to set
> StrictModes no in sshd_config, however this is not recommended."
> 
> I am wondering what happens if you put "StrictModes no" in the
> Fedora 13 /etc/ssh/sshd_config file.  This would only be for a test.
> They specifically said they do not recommend doing this so I wouldn't
> leave this option set this way, but I'm curious what happens.

Ran this test and it works.

> 
> Clarification please: is it true public key authentication doesn't work,
> Fedora 12 -> Fedora 13?  Does password authentication work,
> Fedora 12 -> Fedora 13?

Yes, public key fails and password works. This is looking like the issue
described in this bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=481233

The difference being Samba is not involved.

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAkw9a70ACgkQyc8Kn0p/AZTcBwCfRbs3EwkbC5acm2jWwYS4M8pv
> B/gAnj16vKbcIxswBfyx4BXagwKfhBhB
> =JXkJ
> -----END PGP SIGNATURE-----
> -- 
> users mailing list
> users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> 
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux