Guess you see how that is VERY wrong. I could explain it better if you went back and added the tags [code] and [/code] to your older messages. (Yes, that's what the [Edit] button is good for.)
From the Linux box, try using ssh-copy-id to add the key to the AIX machine; if you cut and pasted the key into authorized_keys via a terminal it may have added an extra line break or other characters. Try running sshd directly with multiple '-d' options; when you connect to it from the Linux machine, look for any messages referencing public key or the authorized_keys file.
Hi wingnut64,
I am not an expert on the Linux side. Can you please explain the steps in detail?
And one more thing, I used the same steps for Linux to AIX, which is working fine.
ls -ld ~
drwxrwxrwx. 37 <username> <group> 4096 Jan 22 15:42 /home/sybasedev
This means anyone on this computer is allowed to enter your home-directory, remove your .ssh directory, and create a new one with any content he wishes.
Solution:
Code:
chmod 0750 ~ # or 0755, or 0700 depending on your preferences
ls -ld ~ ~/.ssh ~/.ssh/authorized_keys
Note: That dot (drwxrwxrwx.) still bugs me, if I were you, I would become root, and do the following:
Code:
cd /home
mv sybasedev sybasedev.old
mkdir sybasedev
chown <username>:<group> sybasedev
chmod 0750 sybasedev
cp -a sybasedev.old/* sybasedev
Last edited by NevemTeve; 01-23-2014 at 03:44 AM.
Reason: forgot 'chmod'
I cannot change the permission for that folder as this folder is accessed by some more users. Instead of that I can move the .ssh folder anywhere if required.
> I cannot change the permission for that folder as this folder is accessed by some more users. Instead of that I can move the .ssh folder anywhere if required.
In this case create a new Linux user with its own home-directory, and let the new user do the file-transfer.
Note: sharing your home-directory with others is extremely dangerous, and against every Unix tradition. Instead you should create a /var/local/shared-data directory for this.
> Hi wingnut64,
> I am not an expert on the Linux side. Can you please explain the steps in detail?
> And one more thing, I used the same steps for Linux to AIX, which is working fine.
You'll almost certainly have different versions of openssh on the 2 boxes anyway, and from what I understand above there are permissions on your AIX home directory that sshd won't like when using public keys.
Code:
ssh-copy-id -i ~/.ssh/yourkey.pub user@aixbox
ssh-copy-id is nice because it can fix permission issues on the .ssh directory & SELinux and eliminates typos or whitespace pasting in the key.
To debug the login from the AIX box's ssh server, do:
Code:
stopsrc -s sshd
/usr/sbin/sshd -d -d -d
Now when you log in you'll get a few screenfuls of debugging information that might point to where it is having trouble with the key. Note that in debug mode sshd will exit after the first client disconnects and this will obviously prevent new ssh logins until you restart sshd with startsrc. It would probably be safer to run the server in debug mode on a different port (-p option), especially if this is a production box.
The problem is the AIX pub key and the linux authorized_keys, since that is what is asking you for pass.
Try a few other things to see if you can reduce where you are looking. Do you have another linux or unix box? If you have a third box:
1) try copying aix pub key to itself and see if you can ssh localhost without pass (test the aix key pair)
2) try copying linux pub key to itself and see if you can ssh localhost without pass (test authorized_keys on linux)
3) try copying the aix pub key to the third box.
4) try copying pub key from third box to target linux box
Hopefully that should give you some hints.
As far as why, I have once in a while seen stuff happen that boggled my mind. The same thing you are mentioning above happened to me with two Linux servers A and B
A -> B no prob
B -> A could not
I repeated the steps over and over and it drove me crazy
Eventually on linux I found that using ssh-copy-id worked.
ls -ld ~
drwxrwxrwx. 37 <username> <group> 4096 Jan 22 15:42 /home/sybasedev
As far as I know, SSH will ignore the authorized_keys file if your home directory is world accessible like this. It certainly does on my machine.
As others have also suggested, I'd recommend that you test this with another user account to confirm that this is the problem. I'd then strongly recommend that you change the permissions. If there are some files that need to be accessed by multiple users, 2 suggestions:
1. Move it to a separate directory, outside of anybody's home directory
2. Put all those users in a common group, and restrict the permissions to the group, rather than giving everyone on the machine full access.
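The permission problem discussed in this thread can be checked directly on the target box. The script below is an added example, not code from any poster: it approximates the OpenSSH StrictModes rule that the home directory, ~/.ssh and authorized_keys must be owned by the user (or root) and must not be writable by group or others. The function names check_path and strictmodes_check are hypothetical.

```shell
#!/bin/sh
# Added example: approximate sshd's StrictModes test on the paths it
# walks for public-key login. Works with the ls found on Linux and AIX.

# Report one path that sshd would reject; returns 1 if the path is bad.
check_path() {
    path=$1 uid=$2
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
    set -- $(ls -ldn "$path")
    mode=$1 owner=$3
    rc=0
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "BAD owner uid $owner on $path"; rc=1
    fi
    # Characters 6 and 9 of the mode string are group-write and other-write.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "BAD mode $mode on $path (group/other writable)"; rc=1
    fi
    return $rc
}

# Usage: strictmodes_check HOME_DIR [NUMERIC_UID]
# Returns the number of paths that fail (0 means sshd should accept them).
strictmodes_check() {
    home=$1 uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ] && echo "OK: sshd StrictModes should accept $home"
    return "$bad"
}

# Run against a home directory given on the command line, if any.
if [ $# -gt 0 ]; then strictmodes_check "$@"; fi
```

A home directory with mode 0755 passes this check, while 0777 and 0775 fail, because the test is on the group and other write bits rather than on read or search access.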