Thanks for the comments Paul.
I was surprised when I joined the collaboration and saw home directories
world readable but that decision was made long before I arrived and
changing it remains above my pay grade.
The reason I doubt that's my current problem is because regenerating the
server key files works. I can log in fine today and I haven't changed
permissions. I also don't have problem logging into other systems from
that machine that are [supposed to be] set up the same way.
When it happens again, I will check if changing permissions helps.
Also for the record I waited until my existing Kerberos tickets
expired. These are to other services not that machine. I can log in
fine with an expired or valid TGT hanging around and after kdestroy.
Happy holidays,
Joe
On 11/22/2012 08:32 AM, Paul Robert Marino wrote:
Well there is your problem
The users home directory needs to be 700 unless you turn off strict
key checking in the sshd configuration file. Also the public key
should be 600 as well.
Making home directories world or group readable isn't a good plan for
collaberation because many applications store sensitive information
like passwords and cached information like session data in the home
directory. instead consider creating group directories an setting the
setgid bit on it so the group permissions are inherited by any files
created in the directories.
Making home directories world or group readable is a lazy solution to
an easily solved problem. Its a common mistake that causes loads of
problems because many application which are written to be secure
purposly break when you do it.
I highly suggest you comeup with a better plan for collaberation than
that.
On Nov 21, 2012 11:10 PM, "Joseph Areeda" <[email protected]
<mailto:[email protected]>> wrote:
On 11/21/2012 07:08 PM, Alan Bartlett wrote:
On 22 November 2012 01:18, Joseph Areeda <[email protected]
<mailto:[email protected]>> wrote:
The user's directory is 755 which is the convention for
grid computers in
our collaboration and the plan is for this machine to be
on our soon to be
delivered cluster. The .ssh directory is 700. This
doesn't change between
the working and non-working state.
Good, you've checked the directory.
Now what about the files within it? Hopefully they are all 600?
Alan.
Alan,
The private keys are all 600 and the public keys are 644. I keep
a few different ones for going to different systems.
Joe