Re: ssh Public Keys Suddenly Stopped working for one account.
On Sat, 14 Jun 2008 13:02:07 -0500 Martin McCormick [EMAIL PROTECTED] wrote:

> All other accounts on this same system with public keys from their remote partners still work fine. The ownership and permissions look right on the account directory.

how about on the client computer? for instance, id_rsa is supposed to be 600. the ownership should be set for the account on .ssh and authorized_keys.

> Does this sound familiar and what else am I missing?

we had only one problem getting a mac to log in which was strange. the client generated the id_rsa.pub and id_rsa keys. it wouldn't work - and apparently all the permissions were set correctly at both ends. so we did the whole thing from scratch again - and this time it worked.

conclusion: the system is picky about the rsa key. :D :D

--
In friendship,
prad

... with you on your journey
Towards Freedom
http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ssh Public Keys Suddenly Stopped working for one account.
At 01:02 PM 6/14/2008, Martin McCormick wrote:

> We have an account on several FreeBSD systems that is used for automation. Several systems can talk to each other via ssh by using public keys so that scripts don't have to hold passwords.
>
> Last night, an account that has been working for years suddenly won't let any of its cyber cohorts in without a password. I bet I accidentally changed something sometime, but I can't figure out what. The public keys hadn't changed since 2005 although today, I blew them all away and made new ones which still don't work on this one system but work on all others.
>
> There is no password expiration timeout (the first thing I thought of) since the account is several years old. All other accounts on this same system with public keys from their remote partners still work fine. The ownership and permissions look right on the account directory.
>
> Does this sound familiar and what else am I missing? I can telnet in to the account on the localhost via the usual password which you can't do on an expired account. I even did a stupid sort of measure which was to reset the password to itself and that didn't change anything.
>
> Many thanks for other suggestions.
>
> Martin McCormick WB5AGZ Stillwater, OK
> Systems Engineer
> OSU Information Technology Department Network Operations Group

If you upgraded one system to a new major version (sometimes point releases will cause a problem too) the system will regenerate its keys, so you need to then propagate the new keys.

Other than that, if you have a drive error causing the key files to not be readable is the only other time I've seen this problem.

-Derek
Re: ssh Public Keys Suddenly Stopped working for one account.
Martin McCormick wrote:

> We have an account on several FreeBSD systems that is used for automation. Several systems can talk to each other via ssh by using public keys so that scripts don't have to hold passwords.
>
> Last night, an account that has been working for years suddenly won't let any of its cyber cohorts in without a password. I bet I accidentally changed something sometime, but I can't figure out what. The public keys hadn't changed since 2005 although today, I blew them all away and made new ones which still don't work on this one system but work on all others.
>
> There is no password expiration timeout (the first thing I thought of) since the account is several years old. All other accounts on this same system with public keys from their remote partners still work fine. The ownership and permissions look right on the account directory.
>
> Does this sound familiar and what else am I missing? I can telnet in to the account on the localhost via the usual password which you can't do on an expired account. I even did a stupid sort of measure which was to reset the password to itself and that didn't change anything.
>
> Many thanks for other suggestions.

cat /var/log/auth.log ?

--per
Re: ssh Public Keys Suddenly Stopped working for one account.
Per olof Ljungmark writes:

> cat /var/log/auth.log ?

Thank you! This makes me feel down-right stupid. It just slipped my mind. I've kind of gotten out of the habit of looking at auth.log since we put the system in question behind a firewall and it is not accessible from the general Internet any more.

    sshd[1746]: Authentication refused: bad ownership or modes for directory /usr/home/automation

I said that the ownership looked okay for that directory. It needed to be 755 so everybody on the system in question can at least look at files in it. Somehow, yesterday or the day before, I accidentally had it set to 775 which is not good. I think I remember realizing I was in the wrong directory, once, and that may have been when I did it.

sshd and sendmail will both refuse to operate on files that are writable by other than the owner. I had looked at those permissions several times and the fact that it was drwxrwxr-x instead of drwxr-xr-x hadn't sunk in yet.

Many thanks.

Martin
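The auth.log message above comes from sshd's strict mode check (the `StrictModes` option), which looks at every directory between the key file and the home directory, not only `.ssh`. The following is an added example, not part of the original thread and not OpenSSH's own code: a Python audit modelled on that check, run against a constructed temporary tree. The function names, the `.ssh/authorized_keys` default and the temporary `automation` directory are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def audit_strict_modes(home, uid, rel_file=".ssh/authorized_keys"):
    """Walk from the key file up to the home directory, as sshd's strict
    mode check does, and return (path, reason) for every component that is
    not owned by root or `uid`, or that is group- or world-writable."""
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, rel_file))
    findings = []
    while True:
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: %s" % exc.strerror))
        else:
            if st.st_uid not in (0, uid):
                findings.append((path, "owned by uid %d" % st.st_uid))
            if st.st_mode & 0o022:
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, "group/world writable, mode %04o" % mode))
        # Stop once the home directory itself has been checked, or at "/"
        # when the key file resolves to somewhere outside the home directory.
        if path == home or path == os.path.dirname(path):
            break
        path = os.path.dirname(path)
    return findings

def demo():
    """Constructed tree: home at 775 (the thread's mistake), then fixed to 755."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "automation")
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.makedirs(ssh_dir)
        open(keys, "w").close()
        os.chmod(keys, 0o600)
        os.chmod(ssh_dir, 0o700)
        os.chmod(home, 0o775)
        before = audit_strict_modes(home, os.getuid())
        os.chmod(home, 0o755)
        after = audit_strict_modes(home, os.getuid())
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for path, reason in before:
        print("REFUSED:", path, "-", reason)
    print("after chmod 755:", after or "no findings")
```

Running the audit from cron on automation hosts reports a stray `chmod` of this kind before the next key-based login is refused.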