02/11/2006, 06:12   #2
Richard E. Silverman
Re: OH MY GOD! (What did I miss?)

>>>>> "gsm" == gsm beamon <gsm.beamon@gmail.com> writes:

gsm> I've killed about 10+ hours configuring CVS to run over SSH. I
gsm> was having a problem until, out of desperation, I tried making
gsm> some chmods 755 --- and then success. Why is gosh-darn SSH so
gsm> picky?

gsm> I place an authorized_keys2 file in a UNIX user cvs' .ssh
gsm> directory and into another user smiller's .ssh directory.

gsm> The authorized_keys2 file is of identical length and checksum in
gsm> both directories. The chmod on both copies is 755 (one copy in
gsm> /home/cvs/.ssh/authorized_keys2 and the second in
gsm> /home/smiller/.ssh/authorized_keys2). The cvs copy is owned by
gsm> cvs.cvs whereas the smiller copy is owned by
gsm> smiller.smiller. Similarly for the .ssh directory. Both are chmod
gsm> 755 and are owned by their respective owner and group.

gsm> The only gosh darn difference was that /home/cvs was chmod 755
gsm> cvs.cvs. But /home/smiller was chmod 777 smiller.smiller.

gsm> That tiny difference is what caused a ssh into smiller to require
gsm> a password but sshing in as cvs did not require a password i.e.

>> eval $( ssh-agent -s )
>> ssh-add [enter passcode]
>> ssh -l cvs <host> # this works; I'm logged in and no password is needed.
>> ssh -l smiller <host> # this does not work. I am asked for the password.


gsm> But if I change /home/smiller to 755 then voilà

>> ssh -l smiller <host> # it works fine.


gsm> What is the deal? Honestly, what is the deal here?

% man sshd_config
....
     StrictModes
             Specifies whether sshd should check file modes and ownership of
             the user's files and home directory before accepting login. This
             is normally desirable because novices sometimes accidentally
             leave their directory or files world-writable. The default is
             ``yes''.
....

--
Richard Silverman
res@qoxp.net
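
The check discussed in this thread can be reproduced offline. The following is an added example, not part of the original post and not sshd's own code: an approximation of a StrictModes-style audit that walks from the key file up to the home directory and flags anything writable by group or others, or owned by someone other than the user or root. The function name and the temporary directory layout are assumptions made for illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(keyfile, home, uid):
    """Return the reasons a StrictModes-style check would reject keyfile."""
    problems = []
    home = os.path.realpath(home)
    path = os.path.realpath(keyfile)
    if not stat.S_ISREG(os.stat(path).st_mode):
        problems.append(f"{path}: not a regular file")
    # Check the key file, then every directory above it up to the home directory.
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & 0o022:  # group-write or other-write bit set
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world-writable")
        if path == home:
            break
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root without meeting home
            problems.append(f"{keyfile}: not located under {home}")
            break
        path = parent
    return problems

def demo():
    """Constructed layout mirroring the thread: home at 777, then at 755."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "smiller")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keyfile = os.path.join(ssh_dir, "authorized_keys2")
        open(keyfile, "w").close()
        os.chmod(ssh_dir, 0o755)
        os.chmod(keyfile, 0o755)
        os.chmod(home, 0o777)   # the failing case from the thread
        bad = strictmodes_problems(keyfile, home, os.getuid())
        os.chmod(home, 0o755)   # the fix from the thread
        good = strictmodes_problems(keyfile, home, os.getuid())
        return bad, good

if __name__ == "__main__":
    bad, good = demo()
    print("home 777:", bad)
    print("home 755:", good)
```

On a real host, running sshd in debug mode or reading its auth log shows the corresponding "bad ownership or modes" rejection when public-key login silently falls back to a password prompt.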
