SSH in Yo' Face!
I recently encountered a rather annoying little caveat of using SSH public key authentication. I have some scripts that use public key authentication to connect to other servers and accomplish various tasks, and since they all run within an internal network, it suits me just fine. However, the other day (it appears due to a mistyped rsync command) the permissions for the user's home folder on the server I was connecting to got altered to be world read and writable (777). The following few hours were spent trying to figure out what was going on.
The main symptom was that I was able to connect to the destination server using password authentication, but for some reason, the public key authentication was not working. I went through verifying that the authorized_keys file contained the correct key for the connecting host, and even generated a new key and tried to use that. After spending a few hours fighting the battle, I had finally run out of ideas so I gave it a few days to rest. Today, upon taking a look at the problem, a buddy of mine pointed out the offending file permissions. For some strange reason, SSH does not like it when the home directory has world writeable permissions. All that wnd we were back in business. It's kind of counter-intuitive if you ask me, but I guess that prevents the user from leaving sensitive keys open to being read by any user. I may never have figured that out, so props to Andy for being so freakin' smart!
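As an added example (not part of the original post), this sketch approximates the ownership and write-permission check that OpenSSH's sshd applies to the home directory, `~/.ssh` and `authorized_keys` when `StrictModes` is enabled, so a 777 home directory like the one described above is flagged. The function names, the temporary home directory and the placeholder key line are constructed for illustration.

```python
import os
import stat
import tempfile


def strictmodes_problems(home, uid=None, key_file=".ssh/authorized_keys"):
    """List (path, reason) pairs that would make sshd ignore the key file.
    Approximation of the StrictModes check: the key file and every directory
    from it up to and including the home directory must be owned by the user
    or root and must not be group- or world-writable.
    """
    uid = os.getuid() if uid is None else uid
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, key_file))
    problems = []
    while True:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append((path, "missing"))
        else:
            if st.st_uid not in (0, uid):
                problems.append((path, "owned by uid %d" % st.st_uid))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.S_IMODE(st.st_mode)
                problems.append((path, "mode %04o is group/world writable" % mode))
        if path in (home, os.path.dirname(path)):
            break
        path = os.path.dirname(path)
    return problems


def demo():
    """Constructed home directory, broken and repaired as in the post."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".ssh"), 0o700)
        keys = os.path.join(home, ".ssh", "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-ed25519 CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY\n")
        os.chmod(keys, 0o600)
        results = []
        for mode in (0o755, 0o777, 0o755):  # healthy, the accident, the fix
            os.chmod(home, mode)
            results.append(strictmodes_problems(home))
        return results


if __name__ == "__main__":
    for state in demo():
        print(state or "ok: no ownership or permission problems found")
```

Run against a real account with `strictmodes_problems(os.path.expanduser("~"))`; sshd itself logs the rejected path in its auth log when the check fails.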