On Mar 13, 2022, at 08:07:33, Jake Anderson <[email protected]> wrote:
>
> I was able to copy it
> We have two environment LPAR1 and LPAR2
>
> Certificate based SSH login is successful on LPAR2 but for LPAR1 It asks
> for password.
>
Ssh requires, but does not diagnose clearly, that no directory
in the path from root to ~/.ssh be writable by other than the
.ssh owner lest a (fe)malefactor modify the permissions.
This POSIX shell script reports any weaknesses:
#! /bin/sh
# Doc: Verify that strangers can't modify path to "'".
_UNIX03=YES export _UNIX03
${1+cd "$1"} || exit 103 # Defauot is PWD.
echo " Testing: $( ls -ld "$( pwd -P . )" )" >&2
while :; do
P=$( pwd -P . ) || exit 104
L=$( ls -ld "$P" )
# # echo " Testing: $L" >&2
case "$L" in
????????w* | ?????w* )
echo "!!! writable !!!: $L" >&2
exit 1;;
esac
[ "x/" = "x$P" ] && exit 0
cd -P .. || exit 102
done
--
gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
