Re: ssh with shared home dir




Tim Dunphy wrote, On 10/22/2010 03:30 PM:
> Hmm... OK then, Gordon, thanks for the input! How do these permissions grab ya?
> 
> 
> [bluethundr@LCENT01 ~]$ ls -alh | grep .ssh
> -rw-------   1 bluethundr summitnjops    70 Oct 17 14:04 .lesshst
> drwx------   2 bluethundr summitnjops   512 Oct 22 14:06 .ssh
> 
> 
> [bluethundr@LCENT01 ~]$ ls -lah .ssh
> total 34K
> drwx------   2 bluethundr summitnjops  512 Oct 22 14:06 .
> drwx------ 106 bluethundr summitnjops 5.5K Oct 22 14:44 ..
> -rw-------   1 bluethundr summitnjops  820 Oct 22 14:19 authorized_keys
> -rw-------   1 bluethundr summitnjops 1.7K Oct 22 14:18 id_rsa
> -rw-r--r--   1 bluethundr summitnjops  403 Oct 22 14:18 id_rsa.pub
> -rw-r--r--   1 bluethundr summitnjops  20K Oct 22 14:47 known_hosts
> [bluethundr@LCENT01 ~]$
> 
> 

An experiment for you...

Assumptions:
1) NFS v3
2) on the NFS server the file system is named '/exportedfilesytem'
3) have root on both machines
4) on the NFS client the file system is mounted such that it contains bluethundr's home directory
5) root_squash is in play

On the NFS server
MYNFSFS=/exportedfilesytem
grep $MYNFSFS /etc/exports
grep $MYNFSFS /etc/exports | grep -v no_root_squash
#if you get a line back then root on the client machine is being squashed.
man exports #search down for root_squash

On the NFS client (virt1)
####
login as root
####
cd ~bluethundr/.ssh/
#you may have just gotten an error.
ls -lah ~bluethundr/.ssh/*
#you may have just gotten an error.
cat ~bluethundr/.ssh/authorized_keys
#you _have_ just gotten an error, and this is the one that stops you IIRC.


Suggestions:
1) Consider tightening up perms on id_rsa.pub & known_hosts
2) Open up the _read_ perms on authorized_keys
3a) IIRC you _may_ also have to open up the _read_ perms on ~/.ssh
3b) IIRC you _may_ also have to open up the exec perms on ~/.ssh
If you have to do one of 3a or 3b, try each individually and only give as much as you have to.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
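
Added example, not part of Todd Denniston's message: with root_squash, root on the NFS client is treated as the anonymous user on the server, so only the "other" permission bits apply when sshd reads authorized_keys. The script below lists every path component that would block that read, including the home directory itself. It assumes GNU stat (as on CentOS); the function names and the temporary directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat, as on CentOS.
# With root_squash, root on the NFS client is mapped to the anonymous user on
# the server, which is neither owner nor group here, so only "other" bits count.

# other_has MODE MASK: true if the "other" digit of octal MODE (e.g. 700) has MASK.
other_has() {
    [ $(( ($1 % 10) & $2 )) -ne 0 ]
}

# blockers FILE TOP: print every component between TOP and FILE that the
# anonymous user cannot pass. No output means FILE is readable to it.
blockers() {
    b_path=$1
    b_top=$2
    other_has "$(stat -c %a "$b_path")" 4 || echo "$b_path: needs o+r"
    while [ "$b_path" != "$b_top" ] && [ "$b_path" != "/" ]; do
        b_path=$(dirname "$b_path")
        other_has "$(stat -c %a "$b_path")" 1 || echo "$b_path: needs o+x"
    done
    return 0
}

# make_tree DIR: constructed stand-in for the home directory in the listing
# above (home 700, .ssh 700, authorized_keys 600).
make_tree() {
    mkdir -p "$1/.ssh"
    : > "$1/.ssh/authorized_keys"
    chmod 600 "$1/.ssh/authorized_keys"
    chmod 700 "$1/.ssh" "$1"
}

demo() {
    d_home=$(mktemp -d)
    make_tree "$d_home"
    echo "before:"; blockers "$d_home/.ssh/authorized_keys" "$d_home"
    chmod o+r "$d_home/.ssh/authorized_keys"   # suggestion 2
    chmod o+x "$d_home/.ssh"                   # suggestion 3b
    echo "after 2 and 3b:"; blockers "$d_home/.ssh/authorized_keys" "$d_home"
    rm -rf "$d_home"
}
demo
```

On a real system, call blockers with the user's authorized_keys path and the NFS mount point as TOP, and run it on the NFS server or as the file owner, since squashed root cannot stat inside the directory.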

