Thanks for the comments, Paul.

I was surprised when I joined the collaboration and saw home directories world readable but that decision was made long before I arrived and changing it remains above my pay grade.

The reason I doubt that's my current problem is because regenerating the server key files works. I can log in fine today and I haven't changed permissions. I also don't have a problem logging into other systems from that machine that are [supposed to be] set up the same way.

When it happens again, I will check if changing permissions helps.

Also for the record I waited until my existing Kerberos tickets expired. These are to other services not that machine. I can log in fine with an expired or valid TGT hanging around and after kdestroy.

Happy holidays,
Joe




On 11/22/2012 08:32 AM, Paul Robert Marino wrote:

Well there is your problem
The user's home directory needs to be 700 unless you turn off strict key checking in the sshd configuration file. Also the public key should be 600 as well.

Making home directories world or group readable isn't a good plan for collaboration because many applications store sensitive information like passwords and cached information like session data in the home directory. Instead consider creating group directories and setting the setgid bit on them so the group permissions are inherited by any files created in the directories. Making home directories world or group readable is a lazy solution to an easily solved problem. It's a common mistake that causes loads of problems because many applications which are written to be secure purposely break when you do it. I highly suggest you come up with a better plan for collaboration than that.

On Nov 21, 2012 11:10 PM, "Joseph Areeda" <[email protected]> wrote:

    On 11/21/2012 07:08 PM, Alan Bartlett wrote:

        On 22 November 2012 01:18, Joseph Areeda <[email protected]> wrote:

            The user's directory is 755 which is the convention for grid
            computers in our collaboration and the plan is for this machine
            to be on our soon to be delivered cluster.  The .ssh directory
            is 700.  This doesn't change between the working and
            non-working state.

        Good, you've checked the directory.

        Now what about the files within it? Hopefully they are all 600?

        Alan.

    Alan,

    The private keys are all 600 and the public keys are 644.  I keep
    a few different ones for going to different systems.

    Joe
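
An added example, not part of the original thread: a short Python audit of the modes discussed above. It applies the checks documented in sshd(8) for StrictModes (home directory, ~/.ssh and authorized_keys owned by the user or root and not writable by other users) plus the ssh client's rule that private keys must not be accessible by others; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_ssh_paths(home, uid):
    """Return (path, octal mode, problem) tuples for a user's SSH files."""
    findings = []
    ssh_dir = os.path.join(home, ".ssh")
    # Paths sshd inspects when StrictModes is on: each must be owned by the
    # user or root and must not be writable by group or others.
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        if not os.path.exists(path):
            continue
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (uid, 0):
            findings.append((path, oct(mode), "bad owner"))
        if mode & 0o022:
            findings.append((path, oct(mode), "group/world writable"))
    # Private keys: the ssh client refuses a key that anyone else can access.
    if os.path.isdir(ssh_dir):
        for name in sorted(os.listdir(ssh_dir)):
            if name.startswith("id_") and not name.endswith(".pub"):
                path = os.path.join(ssh_dir, name)
                mode = stat.S_IMODE(os.stat(path).st_mode)
                if mode & 0o077:
                    findings.append((path, oct(mode), "private key accessible by others"))
    return findings

def build_sample_home(root, home_mode=0o755):
    """Constructed sample tree: home 755, .ssh 700, private key 600, public key 644."""
    home = os.path.join(root, "joe")  # hypothetical user directory
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    for name, mode in (("authorized_keys", 0o644), ("id_rsa", 0o600), ("id_rsa.pub", 0o644)):
        path = os.path.join(ssh_dir, name)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(ssh_dir, 0o700)
    os.chmod(home, home_mode)
    return home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        home = build_sample_home(root, home_mode=0o775)
        for finding in audit_ssh_paths(home, os.getuid()):
            print(finding)
```

To audit a real account, call `audit_ssh_paths` with that user's home directory and numeric uid.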
