Re: sshd get path to authorized_keys file wrong

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday 10 June 2010 20:32:50 Mike Williams wrote:
> On Thu, Jun 10, 2010 at 6:45 AM, Barry Scott <barry.scott@xxxxxxxxxxxx> wrote:
> > We are seeing an sshd_config that used to work on f12 failing on f13.
> >
> > When doing ssh root@host:
> > Jun 10 11:34:32 f12barry sshd[23030]: Failed publickey for root from 192.168.7.232 port 39169 ssh2
> >
> > Notice the public key file is //.ssh/authorized_keys.
> >
> > -------------------sshd_config--------------
> > Port 22
> 
> I have two suggestions and a couple comments for you.

This is a know bug with the openssh sources in F13.
There is a patched openssh that will hit updates soon.

> 1) comment out the line with AuthorizedKeysFile

The AuthorizedKeysFile lines is not parsed correctly. Its is always turned into
an abs path. This is the bug the the update will fix.

> 
>     In comparing your sshd_config with one from a working f13 system I
> noticed that I had that line commented out, when I uncommented I got a
> failure similar to what you mentioned.
> 
> 2) modify the AuthorizedKeysFile to match the line below (the %h
> causes sshd to look in $HOME/.ssh)
> 
> AuthorizedKeysFile      %h/.ssh/authorized_keys

I used:
  AuthorizedKeysFile      /%h/.ssh/authorized_keys

which works inspite of the bug.

> 
> Both of the above worked for me, after I broke the system by
> uncommenting the AutorizedKeysFile line.
> 
> Your log it lists port 39169, but the sshd_config you posted has Port
> 22 - I'm guessing what you posted as your sshd_config doesn't match
> what was in place when the log messages occurred.

That will be the clients port not the server port.

> 
> I never allow root login, it just seems like asking for big trouble.
> I always set PermitRootLogin no and use sudo or su - as needed after
> logging in as a normal user, which seems much safer.

In general I agree but in the case of the product this script
comes from its not. The user can turn off SSH from the
products web ui if they are concerned.

> Please post another message saying whether or not the
> AuthorizedKeysFile change(s) worked for you.

Done.

Barry
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux