LinuxQuestions.org
07-11-2011, 03:43 AM   #1
doru
Member
 
Registered: Sep 2008
Distribution: Ubuntu 8.04 LTS Server
Posts: 138

Rep: Reputation: 19
ssh won't connect with too many permissions


I connect through ssh (putty) using a user authentication public key stored on the ssh server in ~/.ssh/authorized_keys. Permissions for ~ are 750. When I change them to 757 I can't connect anymore - connection by key is not accepted by server. How is this possible?
 
07-11-2011, 03:45 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
It's possible because that's the way it works. That data is PRIVATE and you're making ANYONE able to read it. So another user could trivially add a key to YOUR config and log in as you. Why would you want to change it in the first place??
 
07-11-2011, 04:00 AM   #3
doru
Member
 
Registered: Sep 2008
Distribution: Ubuntu 8.04 LTS Server
Posts: 138

Original Poster
Rep: Reputation: 19
Quote:
Originally Posted by acid_kewpie
It's possible because that's the way it works. That data is PRIVATE and you're making ANYONE able to read it. So another user could trivially add a key to YOUR config and log in as you. Why would you want to change it in the first place??

You say that sshd checks the permissions for the home directory where ~/.ssh/authorized_keys is stored? The permissions for ~/.ssh are still 700, and for authorized_keys are 644 (read for everybody, write for owner).

I did this stupid thing while trying to make local mail work, but now it works with the right permissions. Anyway, are you sure that sshd is checking the permissions of the ~ directory? I did not expect this behaviour.

Thank you for your answer.
 
07-11-2011, 01:49 PM   #4
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,511

Rep: Reputation: 2656
OpenSSH

Yes, it checks the permissions on your home folder.

Check out the man page.
 
07-11-2011, 01:52 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by doru
Anyway, are you sure that sshd is checking the permissions of the ~ directory? I did not expect this behaviour.
Yes. It's enabled by default (StrictModes), and this is a good thing.
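
Added example (not part of the original thread, and not OpenSSH's own code): a shell sketch that approximates the StrictModes test on the three paths discussed above, the key file, ~/.ssh and the home directory, and reproduces the 750 versus 757 case. It assumes GNU stat; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not OpenSSH code: approximates the StrictModes test on the
# key file, ~/.ssh and the home directory. Assumes GNU stat (stat -c).

# check_path PATH UID: print a reason and return 1 if PATH would be rejected.
check_path() {
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    # The owner must be the account itself or root.
    if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
        echo "bad owner (uid $owner): $1"
        return 1
    fi
    # 022 = write bit for group plus write bit for other.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group/world writable (mode $mode): $1"
        return 1
    fi
    return 0
}

# strictmodes_check HOME [UID]: check authorized_keys, ~/.ssh and HOME itself.
strictmodes_check() {
    sm_uid=${2:-$(id -u)}
    sm_rc=0
    for sm_p in "$1/.ssh/authorized_keys" "$1/.ssh" "$1"; do
        if [ ! -e "$sm_p" ]; then
            echo "missing: $sm_p"
            sm_rc=1
        elif ! check_path "$sm_p" "$sm_uid"; then
            sm_rc=1
        fi
    done
    return "$sm_rc"
}

# Constructed demo: a throwaway "home" with the modes from the thread.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh" && : > "$demo_home/.ssh/authorized_keys"
chmod 700 "$demo_home/.ssh"
chmod 644 "$demo_home/.ssh/authorized_keys"
for demo_mode in 750 757; do
    chmod "$demo_mode" "$demo_home"
    if strictmodes_check "$demo_home"; then
        echo "home $demo_mode: key login allowed"
    else
        echo "home $demo_mode: key login refused"
    fi
done
rm -rf "$demo_home"
```

To audit a real account, run `strictmodes_check /home/user "$(id -u user)"` and tighten any path it reports, for example with `chmod go-w`.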
 
  

