Re: ssh with shared home dir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

cd ~bluethundr/.ssh/

[bluethundr@VIRTCENT01 ~]$ ls -al | grep .ssh
-rw-------   1 bluethundr 1005       70 Oct 17 14:04 .lesshst
drwxr-xr-x   2 bluethundr 1005      512 Oct 22 14:06 .ssh
-rw-r--r--   1 bluethundr 1005     1047 Sep 16 01:22 sshd-prop.txt
[bluethundr@VIRTCENT01 ~]$ ls -lh .ssh
total 28K
-rw-r--r-- 1 bluethundr 1005 2.9K Oct 22 21:49 authorized_keys
-rw------- 1 bluethundr 1005 1.7K Oct 22 21:48 id_rsa
-rw-r--r-- 1 bluethundr 1005  400 Oct 22 21:48 id_rsa.pub
-rw-r--r-- 1 bluethundr 1005  20K Oct 22 15:59 known_hosts

[root@VIRTCENT01 ~]# cd ~bluethundr/.ssh/
[root@VIRTCENT01 .ssh]# ls -lah ~bluethundr/.ssh/*
-rw-r--r-- 1 bluethundr 1005 2.9K Oct 22 21:49
/home/bluethundr/.ssh/authorized_keys
-rw------- 1 bluethundr 1005 1.7K Oct 22 21:48 /home/bluethundr/.ssh/id_rsa
-rw-r--r-- 1 bluethundr 1005  400 Oct 22 21:48 /home/bluethundr/.ssh/id_rsa.pub
-rw-r--r-- 1 bluethundr 1005  20K Oct 22 15:59 /home/bluethundr/.ssh/known_hosts
[root@VIRTCENT01 .ssh]# cat ~bluethundr/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1vQJFa+RDUrqzcnQrzTR7wm3bPGI7cnAX3crAj9KFM3sxuSTP18ZE1V3N7aQ7dju0BJli1PfR/EnlKM/xAybvn4N2yH0bxiKuQwx7M0SvhXy3PUAJu8AuRBGag9yyG0fqJ0lWhcbrKbGwFxYsfpfpLp501Fs5pqqKRSJl4IM5Kv11QcM0ZXLEiJwByiz6vLSBgBxZG3MSgF03F2+gRZbQkPVECAg7e3mValoiZB0K5m3tjMFCr8FZoVVbz4J16fKgIc4WfRFcKTuGEDt3I0agDhosFMVpAvZV4WRYIIpg7nkYpKkIlqSX+GYH+7RPlh2QNQyvS+I0+XOXSdqkP62aQ==
bluethundr@xxxxxxxxxxxxxxxxxxxxxxxx
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtLqML4TD+qE+L544ofOPFPnSUjnG/XIet66K1vvPot+sH81zxeZQgJeREcsOjYUrnApzigd+QudfCGRsNgQ7nFAPUX3edp0Ssi7GCeVTRiBcxYIcVMXm6Fgt2ERyAy0GPdpZCS+R2iKTBgESUo0kQXglm8Jkvlbc8/MDOOEAUiyHBKfOpUPe30qMtYtByNorNWjJz+v1jnGV+T2PVhsHIVpfT501YkHmRVspPy765nEoF9HKQtxc5UOClMCbYrd8R/J7mgtr2RAhFr3lj0dRfVM75hPhI/5qONmomoAoMSdz/c4pjrNlu6MbZV9m8tFi89AviyRkdu0kZt8F6QeJOQ==
bluethundr@VIRTCENT02
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApnUSYyrM96qIBZKjwSNYycgeSv/BVQTjK7EHqPE1Lv3LLs0ixV9pOXvHMq3YCZHHmgyxwizShnt7MKWFcYPI02ywGHFPawvCM2hIqSwn7kH0KfraHO1Vt+zfcPVsqSo2Mw79cYezVvFYzbSSxCY6O00mZ5PWReyVuOn9Fb/uH/xCzKk9OsCpfCEmNF2YrLCfZvfAATgv7QmIRfsAa+ttLzUELGrfn/n+Xj8K/xqV8C71KPuf8s1OSf/19PLZedv2xSA2KU/OUekAc0gu1HNsC23gLTO7DSasW9y1LStWRryTbpn3UHcwQXlCuw2VtWGkrBCAaLEyG2rE8NIcBOsfHQ==
bluethundr@xxxxxxxxxxxxxxxxxxxxxxxx
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEAvidMglwWPpVBS5DQn983zpDX4HJl9ENErG6mL5bz1BHTv89i
CrnjwCCHWwZAGTlYqzH/u0+s96CS0LrrZTyJRYBbG4770IZIHN5GEk3Yj867qGcv
hBA3GLVBVgaH3MSdZU/EByXOANOxVtDq2OOtkfTRZHxYReNxSZtZCUO3dhiMYKPs
sISCGHDgyUBzqQJP+RtHrPvtS+GzkBfH7y6ilhlCi8Z7Cs9jef6NKiiMeSyv5x2r
QhMFwM0T+Ny2AO0kcA1up3zZ7OnTU28KhO5E9XvK82hnPA6uKWJvyDTsIZn27XPu
/KuAG7V+xgbd3VH4NCAKn8ZJ+DRAIxQEX41IjQIBIwKCAQAVu1kzeD0Od3UtNR8o
NsSMotbX0o9PHaFyytEqAp+F82ioNPVDDe4klgDXM+oRguWP6HT/dtHwah9oT+Bj
V2AlMz2cv+JDt5M2f81+b0vzLZHKGmvUlCONy5JwO0K6JRlNaDOpC6KDwGwJ6/2V
IVWqR91qkd4z33qpU5UloVbLqtYVj3Pr98N0UjDy/b+aaNSQH8QxB8GV8HinY8yX
fhw/IIOq4rrJDR4oN937t2w+5ikUhAyO75ZkkOUq7m8/7k25/X81aAHydaOCUy9X
mxVuFrBKR8b1lmxX0hsUlkR+hREv8+RcWcxumQmHYVajm8i4MA262sVQdLCWoTfv
+NBbAoGBAPHraRn5TWirlr0CN/W67z7lYRFqiaNVdQLi1DBDYMj/txN99G2BB8br
KE/YHsRsEED60Dq6gKfHzZC3atGR3GR16UbFM51bj89myuCoL3EPitIZcmXgP+lW
W54GjLqYwXPVTvDUJCYue3hAyiWLNguJ4GQvfIRWNC9G68XIDtZ/AoGBAMk4k5xm
fyszCvd43DFm/c0mpEGVbmwWdJD0mll+PmJuBa72kisqlNSu7Wb3hNTmvod4ygKk
4foJC64Jy5b/q5feug7O+yuH1K04TEueMdhiqnJQAfR26pDSmGTNhVo1zCy0jvAA
dZ0lfvMkqQI6iNBemy5NT4ciAwe2JZUjvVLzAoGAfGpwkQPeqtvnH2A6CVjSz+Ou
Q3iejoO4hSQynHpsSh0cUyrVeiUZ8UW89dzcn4gIW+60O3XbxABbFznB6B8g4zVT
ZjmIQkxYloyi2fAYZgf+QCpYFyLfCkmrddd7kyn9Fv/8tl54/bGBU8mMiFY5DT+X
+QJ6jTOlzyvJtixfZv8CgYEAmzpF/E8RpPt9fRQXk9Mbj6F3ZcsMCj01WeFD3qM3
cIDCjkku7hmIwVO+dADFjkuaSz/sSy689BWbS75p2uJ9DsHCuvdxTXdpjPDqZjg1
FKPikrK/rfVV3W9CXGQHyT9xntRuRB2cjyuN0YKuQ4w9qA53tgEgF8nH0r+2l586
R00CgYBMiwcYZxf7aWNd4eUaVSuGPu6bVG/epyKvc5NIVbEGkcx3XOu0Ly0i8K4j
HeEiztRlp1dJ9231KBKtsRCjZNlwh6NGY+DOU8IGXZMRDYTYbFHJ5yAoAqAeVGrn
NQO4VuDMKI6u5ZxwuvmP8f8lG1F9EWukp++Rt3FXy0qy9d4TrQ==
-----END RSA PRIVATE KEY-----


[bluethundr@nas ~]$ grep $MYNFSFS /etc/exports
/mnt/nas -alldirs -mapall=root -network 192.168.1.0 -mask 255.255.255.0

[bluethundr@nas2 /]$ grep $MYNFSFS /etc/exports
/mnt/store -alldirs -mapall=root -network 192.168.1.0 -mask 255.255.255.0

[bluethundr@nas2 /]$ grep $MYNFSFS /etc/exports
/mnt/home -mapall=root -network 192.168.1.0 -mask 255.255.255.0


yes I did cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys...

I enabled    IdentityFile ~/.ssh/id_rsa and    RSAAuthentication yes

in /etc/ssh/ssh_config and

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys


in /etc/ssh/sshd_config

still failed... :(

[bluethundr@VIRTCENT02 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[bluethundr@VIRTCENT02 ~]$ ssh virt1
bluethundr@virt1's password:
Last login: Fri Oct 22 22:31:41 2010 from 192.168.1.2

the only thing left I can think of is that bluethundr is an LDAP user.
can THAT prevent the user from logging in with keys? Also, the root
user key has been exported across the network and can login without a
password...


this is mighty puzzling!!

On Fri, Oct 22, 2010 at 8:42 PM, Robert Heller <heller@xxxxxxxxxxxx> wrote:
> At Fri, 22 Oct 2010 14:38:37 -0400 CentOS mailing list <centos@xxxxxxxxxx> wrote:
>
>>
>> hey listers!
>>
>> silly quesion: if I generate an RSA key on an NFS shared home
>> directory, then cat >> it into the .ssh/authorized_keys file in the
>> same location, shouldn't I then be able to ssh into each host that
>> shares the NFS home directory without entering a passphrase (assuming
>> the key doesn't have one)? and assuming the permissions on the
>> authorized_keys file belong to the user with mode 600?
>
> Yes.  This works quite well.
>
>>
>> thanks!
>> tim
>>
>
> --
> Robert Heller             -- 978-544-6933 / heller@xxxxxxxxxxxx
> Deepwoods Software        -- http://www.deepsoft.com/
> ()  ascii ribbon campaign -- against html e-mail
> /\  www.asciiribbon.org   -- against proprietary attachments
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux