SSH / permissions problem
pmeyer at themeyerfarm.com
Tue Jul 13 17:37:21 UTC 2010
On 07/13/2010 09:49 AM, Gary Stainburn wrote:
> Hi folks,
> This seems like de ja vu, but I can't find anything in the archives.
> I've got F13 on my laptop, and also on a new virtual server.
> I've copied my home directory from my old server to my new one and then tried
> to ssh to the new server. However, I have a problem
> If I ssh to root on the new server everything is fine, but if I ssh to my user
> I get errors and X forwarding doesn't work.
> Can anyone suggest things for me to look at / try.
> [gary at dcomp5 ~]$ ssh -Y -C lcomp3 -l root
> root at lcomp3's password:
> Last login: Tue Jul 13 16:04:20 2010 from gary.ringways.co.uk
> [root at lcomp3 ~]# kcalc
> [root at lcomp3 ~]# logout
> [gary at dcomp5 ~]$ ssh -Y -C lcomp3
> gary at lcomp3's password:
> Last login: Tue Jul 13 15:55:16 2010 from gary.ringways.co.uk
> /usr/bin/xauth: timeout in locking authority file /home/gary/.Xauthority
> [gary at lcomp3 ~]$ kcalc
> X11 connection rejected because of wrong authentication.
> kcalc: cannot connect to X server localhost:11.0
> [gary at lcomp3 ~]$
When you copy over a .ssh directory, there are at least two things to
$ scp -rp .ssh <target_host>:
2. do you really want your private key on the target system? Probably
all you wanted was to be able to login with ssh key authentication. To
do that, you should run:
$ ssh-copy-id <target_host>:
If you allow your private key to reside on other systems, then that key
can be used against you quite easily. If only the public key is exposed
in authorized_keys, your account is as secure as it can be.
Rule of thumb is: never expose a private key on a host with direct
internet access, like a web server. Use only one private key on your
desktop, and use ssh-copy-id to set up public keys for any remote ssh
If you want access to those servers from another system, like a laptop,
generate a new private key on the laptop and use ssh-copy-id again to
enable ssh access to the other systems.
More information about the users