LinuxQuestions.org
Old 01-22-2014, 09:25 AM   #16
NevemTeve
Senior Member
 
Registered: Oct 2011
Location: Budapest
Distribution: Debian/GNU/Linux, AIX
Posts: 1,948

Rep: Reputation: 524

Guess you see how that is VERY wrong. I could explain it better if you went back and added the tags [code] and [/code] to your older messages. (Yes, that's what the [Edit] button is good for.)
 
Old 01-22-2014, 05:48 PM   #17
wingnut64
Member
 
Registered: Sep 2004
Distribution: AIX, RHEL, Gentoo, Arch
Posts: 30

Rep: Reputation: 3
From the Linux box, use ssh-copy-id to add the key to the AIX machine; if you cut and pasted the key into authorized_keys via a terminal, it may have added an extra line break or other characters. Try running sshd directly with multiple '-d' options; when you connect to it from the Linux machine, look for any messages referencing the public key or the authorized_keys file.
 
Old 01-23-2014, 12:44 AM   #18
niranjan741
LQ Newbie
 
Registered: Jan 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi wingnut64,
I am not an expert on the Linux side. Can you please explain the steps in detail?
And one more thing: I used the same steps for Linux to AIX, which is working fine.
 
Old 01-23-2014, 04:30 AM   #19
NevemTeve
Senior Member
 
Registered: Oct 2011
Location: Budapest
Distribution: Debian/GNU/Linux, AIX
Posts: 1,948

Rep: Reputation: 524
Code:
ls -ld ~
drwxrwxrwx. 37 <username> <group> 4096 Jan 22 15:42 /home/sybasedev
This means anyone on this computer is allowed to enter your home directory, remove your .ssh directory, and create a new one with any content he wishes.

Solution:

Code:
chmod 0750 ~ # or 0755, or 0700 depending on your preferences
ls -ld ~ ~/.ssh ~/.ssh/authorized_keys
Note: That dot (drwxrwxrwx.) still bugs me; if I were you, I would become root and do the following:
Code:
cd /home
mv sybasedev sybasedev.old
mkdir sybasedev
chown <username>:<group> sybasedev
chmod 0750 sybasedev
cp -a sybasedev.old/* sybasedev

Last edited by NevemTeve; 01-23-2014 at 04:44 AM. Reason: forgot 'chmod'
 
Old 01-23-2014, 05:05 AM   #20
niranjan741
LQ Newbie
 
Registered: Jan 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
I cannot change the permissions for that folder, as this folder is accessed by some more users. Instead of that, I can move the .ssh folder anywhere if required.
 
Old 01-23-2014, 05:12 AM   #21
NevemTeve
Senior Member
 
Registered: Oct 2011
Location: Budapest
Distribution: Debian/GNU/Linux, AIX
Posts: 1,948

Rep: Reputation: 524
> I cannot change the permissions for that folder, as this folder is accessed by some more users. Instead of that, I can move the .ssh folder anywhere if required.

In this case, create a new Linux user with its own home directory, and let the new user do the file transfer.

Note: sharing your home directory with others is extremely dangerous, and against every Unix tradition. Instead you should create a /var/local/shared-data directory for this.
 
Old 01-23-2014, 11:58 AM   #22
wingnut64
Member
 
Registered: Sep 2004
Distribution: AIX, RHEL, Gentoo, Arch
Posts: 30

Rep: Reputation: 3
> Originally Posted by niranjan741:
> Hi wingnut64,
> I am not an expert on the Linux side. Can you please explain the steps in detail?
> And one more thing: I used the same steps for Linux to AIX, which is working fine.

You'll almost certainly have different versions of openssh on the 2 boxes anyway, and from what I understand above there are permissions on your AIX home directory that sshd won't like when using public keys.

Code:
ssh-copy-id -i ~/.ssh/yourkey.pub user@aixbox
ssh-copy-id is nice because it can fix permission issues on the .ssh directory & SELinux and eliminates typos or whitespace pasting in the key.

To debug the login from the AIX box's ssh server, do:

Code:
stopsrc -s sshd
/usr/sbin/sshd -d -d -d
Now when you log in you'll get a few screenfuls of debugging information that might point to where it is having trouble with the key. Note that in debug mode sshd will exit after the first client disconnects, and this will obviously prevent new ssh logins until you restart sshd with startsrc. It would probably be safer to run the server in debug mode on a different port (-p option), especially if this is a production box.
 
Old 02-28-2014, 01:24 PM   #23
byau
Member
 
Registered: Sep 2009
Location: Los Angeles, CA
Posts: 32

Rep: Reputation: 5
The problem is the AIX pub key and the linux authorized_keys, since that is what is asking you for pass.

Try a few other things to see if you can reduce where you are looking. Do you have another linux or unix box? If you have a third box:

1) try copying aix pub key to itself and see if you can ssh localhost without pass (test the aix key pair)
2) try copying linux pub key to itself and see if you can ssh localhost without pass (test authorized_keys on linux)

3) try copying the aix pub key to the third box.
4) try copying pub key from third box to target linux box

Hopefully that should give you some hints.


As far as why, I have once in a while seen stuff happen that boggled my mind. The same thing you are mentioning above happened to me with two Linux servers A and B

A -> B no prob
B -> A could not

I repeated the steps over and over and it drove me crazy.

Eventually on Linux I found that using ssh-copy-id worked.

Unfortunately there is no ssh-copy-id on AIX.
 
Old 03-03-2014, 09:38 AM   #24
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 281

Rep: Reputation: 118
> Originally Posted by niranjan741:
> Linux machine:
> Code:
> ls -ld ~
> drwxrwxrwx. 37 <username> <group> 4096 Jan 22 15:42 /home/sybasedev

As far as I know, SSH will ignore the authorized_keys file if your home directory is world accessible like this. It certainly does on my machine.

As others have also suggested, I'd recommend that you test this with another user account to confirm that this is the problem. I'd then strongly recommend that you change the permissions. If there are some files that need to be accessed by multiple users, 2 suggestions:

1. Move it to a separate directory, outside of anybody's home directory
2. Put all those users in a common group, and restrict the permissions to the group, rather than giving everyone on the machine full access.

Regards,

Clifford
 
1 members found this post helpful.
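
Added example, not part of any post in this thread: a portable sh check that approximates what sshd's StrictModes option tests before it will read authorized_keys. The home directory, ~/.ssh and the key file must each be owned by the user or root and carry no group or world write bit. The function names are made up for this example, and `ls -ldn` is parsed rather than relying on GNU stat.

```shell
#!/bin/sh
# Added example (not OpenSSH code): approximate sshd's StrictModes test
# on the three paths discussed in the thread.

# path_is_safe PATH UID
# Returns 0 if PATH is owned by UID or root and has no group/world
# write bit; otherwise prints the reason and returns 1.
path_is_safe() {
    target=$1; want_uid=$2
    [ -e "$target" ] || { echo "MISSING  $target"; return 1; }
    # -n gives a numeric owner, -L follows a symlink to the real object.
    info=$(ls -ldnL "$target" | awk '{print $1, $3; exit}')
    perms=${info% *}     # e.g. drwxrwxrwx.
    owner=${info#* }     # numeric uid
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "BADOWNER $perms uid=$owner $target"; return 1
    fi
    case $perms in
        # character 6 is group write, character 9 is world write
        ?????w*|????????w*) echo "WRITABLE $perms $target"; return 1 ;;
    esac
    echo "OK       $perms $target"
}

# check_ssh_perms HOME [UID]
# Exit status is the number of paths that would make sshd refuse the key.
check_ssh_perms() {
    home=$1; uid=${2:-$(id -u)}; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        path_is_safe "$p" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}

# Run as the account that receives the login, e.g.: sh check.sh "$HOME"
if [ $# -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

On the `drwxrwxrwx` home directory shown in the thread this reports the first path as WRITABLE; when sshd rejects a key for this reason it logs "Authentication refused: bad ownership or modes for directory ...", which is the line to look for in the `-d -d -d` output.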
  

