Guys, awesome advice!! I will try your suggestions sometime tonight. I
am backing up the virtual network at the moment and it is therefore
shut down until the backup is done.

thanks !!
tim

On Fri, Oct 22, 2010 at 4:08 PM, Todd Denniston <Todd.Denniston@xxxxxxxxxxxxxxxxxxxxx> wrote:
> Tim Dunphy wrote, On 10/22/2010 03:30 PM:
>> hmm.. ok then gordon thanks for the input! how do these permissions grab ya?
>>
>>
>> [bluethundr@LCENT01 ~]$ ls -alh | grep .ssh
>> -rw------- 1 bluethundr summitnjops 70 Oct 17 14:04 .lesshst
>> drwx------ 2 bluethundr summitnjops 512 Oct 22 14:06 .ssh
>>
>>
>> [bluethundr@LCENT01 ~]$ ls -lah .ssh
>> total 34K
>> drwx------ 2 bluethundr summitnjops 512 Oct 22 14:06 .
>> drwx------ 106 bluethundr summitnjops 5.5K Oct 22 14:44 ..
>> -rw------- 1 bluethundr summitnjops 820 Oct 22 14:19 authorized_keys
>> -rw------- 1 bluethundr summitnjops 1.7K Oct 22 14:18 id_rsa
>> -rw-r--r-- 1 bluethundr summitnjops 403 Oct 22 14:18 id_rsa.pub
>> -rw-r--r-- 1 bluethundr summitnjops 20K Oct 22 14:47 known_hosts
>> [bluethundr@LCENT01 ~]$
>>
>>
>
> An experiment for you...
>
> Assumptions:
> 1) NFS v3
> 2) on the NFS server the file system is named '/exportedfilesytem'
> 3) have root on both machines
> 4) on the NFS client the file system is mounted such that it contains bluethundr's home directory
> 5) root_squash is in play
>
> On the NFS server
> MYNFSFS=/exportedfilesytem
> grep $MYNFSFS /etc/exports
> grep $MYNFSFS /etc/exports | grep -v no_root_squash
> #if you get a line back then root on the client machine is being squashed.
> man exports #search down for root_squash
>
> On the NFS client (virt1)
> ####
> login as root
> ####
> cd ~bluethundr/.ssh/
> #you may have just gotten an error.
> ls -lah ~bluethundr/.ssh/*
> #you may have just gotten an error.
> cat ~bluethundr/.ssh/authorized_keys
> #you _have_ just gotten an error, and this is the one that stops you IIRC.
>
>
> Suggestions:
> 1) Consider tightening up perms on id_rsa.pub & known_hosts
> 2) Open up the _read_ perms on authorized_keys
> 3a) IIRC you _may_ also have to open up the _read_ perms on ~/.ssh
> 3b) IIRC you _may_ also have to open up the exec perms on ~/.ssh
> If you have to do one of 3a or 3b, try each individually and only give as much as you have to.
>
> --
> Todd Denniston
> Crane Division, Naval Surface Warfare Center (NSWC Crane)
> Harnessing the Power of Technology for the Warfighter
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
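
Added example (not part of the original thread, and not code from either poster): Todd's experiment turns on which "other" permission bits a root_squash-mapped uid needs in order to open authorized_keys by name. The sketch below rebuilds the modes from the listing in a constructed temporary tree and reports the missing bit on each path component; it assumes GNU stat and that the squashed uid matches neither the owner nor the group, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: GNU stat (Linux); the uid that squashed root
# is mapped to is neither owner nor group member, so "other" bits decide.

# other_bits PATH: print the last octal digit of PATH's mode ("other" class).
other_bits() {
    ob_mode=$(stat -c '%a' "$1") || return 1
    echo "${ob_mode#"${ob_mode%?}"}"
}

# squashed_root_blockers TOP FILE: one line per component from FILE up to
# TOP (inclusive) that stops an "other" uid from opening FILE by name.
# The file needs read (4); every directory on the path needs search (1).
squashed_root_blockers() {
    srb_top=$1
    srb_bits=$(other_bits "$2") || return 1
    [ $((srb_bits & 4)) -ne 0 ] || echo "o+r missing: $2"
    srb_dir=$(dirname "$2")
    while :; do
        srb_bits=$(other_bits "$srb_dir") || return 1
        [ $((srb_bits & 1)) -ne 0 ] || echo "o+x missing: $srb_dir"
        if [ "$srb_dir" = "$srb_top" ] || [ "$srb_dir" = "/" ]; then
            break
        fi
        srb_dir=$(dirname "$srb_dir")
    done
    return 0
}

# make_sample_tree: constructed sample reproducing the modes in the listing
# (home 700, .ssh 700, authorized_keys 600); prints the temp directory.
make_sample_tree() {
    mst_root=$(mktemp -d) || return 1
    mkdir -p "$mst_root/bluethundr/.ssh"
    : > "$mst_root/bluethundr/.ssh/authorized_keys"
    chmod 700 "$mst_root/bluethundr" "$mst_root/bluethundr/.ssh"
    chmod 600 "$mst_root/bluethundr/.ssh/authorized_keys"
    echo "$mst_root"
}

tree=$(make_sample_tree)
squashed_root_blockers "$tree/bluethundr" "$tree/bluethundr/.ssh/authorized_keys"
rm -rf "$tree"
```

Only read on the file and search (x) on each directory are reported; read on ~/.ssh (suggestion 3a) is not needed to open a file whose name is already known.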