sshd Authentication refused
rsewill at gmail.com
Tue Jul 13 19:08:36 UTC 2010
On 07/13/2010 01:43 PM, Kevin Fenzi wrote:
> On Tue, 13 Jul 2010 11:16:46 -0700 (PDT)
> David Highley <dhighley at highley-recommended.com> wrote:
>> New install of Fedora 13 we get the following /var/log/secure entry
>> when we ssh from a Fedora 12 system to the Fedora 13 system:
>> Authentication refused: bad ownership or modes for
>> file /home/dhighley/.ssh/authorized_keys
>> We have checked and tried different modes until we are blue in the
>> face. Have read the updates notes for openssh and Fedora 13 release.
>> Googled the net for known issues and bugzilla.redhat.com. We did check
>> for selinux blocks and found none.
>> User home directory is auto NFS mounted and we use NIS. This works
>> Fedora 12 to Fedora 12.
> You may want to use 'ssh-copy-id' to copy the key over to the f13
> system. That will set up the right permissions and such automatically
> for you.
> Also, you will want to see if there are any selinux alerts on the f13
> machine. 'ausearch -m avc -ts today' can list the ones from today.
I cannot explain how f12 <--> f12 works, but f12 <--> f13 does not.
I can only guess there is something different for the NFS mount -or-
something different regarding NIS.
One possibility, which I consider very, very remote is the following.
I may be wrong but I think the ownership and modes for all the parent
directories from your /home/dhighley/.ssh directory also matter.
I assume you made sure /home/dhighley/.ssh is mode 700.
What is the mode of /home/dhighley? Is it 755? (I think that's okay.)
I think any write mode for group or other would be bad.
I assume /home/dhighley is owned by you, the user.
What about /home? Who owns it? What is its mode?
I think root must own it.
I think only root should have write access to it.
I actually assume the ownership and modes are all correct...the
possibility of this being the problem seems exceedingly rare to me, but
Another possibility, which I also consider remote, but is worth asking.
On the f13 machine, when you log in as dhighley, is the user name only
found in NIS? On occasion, if one is testing something new, one might
put in a local account in the /etc/passwd file, and forget it is there.
Depending on your /etc/nsswitch.conf file, the local file is probably
checked before NIS.
Sorry, can't think of anything else. Others have already mentioned selinux.
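An added example, not part of the original messages: a script to run on the server that applies the rule behind the "bad ownership or modes" log line (each component owned by the user or root, with no group or other write bit) to authorized_keys and its parent directories. The helper name insecure_components and the stop_at parameter are hypothetical; the walk stops at the home directory by default, and passing / as the second argument extends it to /home as asked in the reply.

```python
import os
import pwd
import stat
import sys


def insecure_components(key_file, uid, stop_at):
    """Return (path, reason) pairs for every component that fails.

    Hypothetical helper: walks from key_file up through its parent
    directories and stops after examining stop_at (or "/").
    """
    problems = []
    path = os.path.realpath(key_file)
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.stat(path)
        # Owner must be the login user or root.
        if st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
        # No write bit for group or other (mask 022).
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((path, "mode %04o is group/other writable" % mode))
        parent = os.path.dirname(path)
        if path == stop_at or parent == path:
            break
        path = parent
    return problems


if __name__ == "__main__":
    # Usage: script.py USER [STOP_DIR]
    # getpwnam goes through nsswitch.conf, so the uid and home printed
    # here are the ones the server resolves (local passwd file or NIS).
    pw = pwd.getpwnam(sys.argv[1])
    stop = sys.argv[2] if len(sys.argv) > 2 else pw.pw_dir
    print("uid=%d home=%s" % (pw.pw_uid, pw.pw_dir))
    keys = os.path.join(pw.pw_dir, ".ssh", "authorized_keys")
    found = insecure_components(keys, pw.pw_uid, stop)
    for path, reason in found:
        print("BAD  %s: %s" % (path, reason))
    sys.exit(1 if found else 0)
```

The uid and home line it prints also shows whether a forgotten local /etc/passwd entry is shadowing the NIS account.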