Re: pubkey works for user: why not root ?

On Sat, Apr 18, 2009 at 10:27:00AM -0400, sean darcy wrote:
> I can ssh from my laptop to the server as a user, but using root from
> same laptop to same server fails. root can login with password.

http://mywiki.wooledge.org/SshKeys

> both cases run ssh-keygen on laptop, copy id_rsa.pub to server, cat
> id_rsa.pub >> authorized_keys, restart sshd on server.

Restarting sshd isn't necessary.

> On client .ssh
> is 700, .ssh/id_rsa is 700.

Client permissions probably don't matter.  At least, I've never seen a
case where they do.

> On server  .ssh is 700, authorized_keys is
> 644 ( same as user ).
> 
> What am I missing??

The REST of the server-side permissions, most likely.  Including the
permissions of /root (or whatever ~root is), and any parent directories
thereof.

> On client:
> 
> [root@daddy ~]# ssh -vv intel64-office

Snip.

> On server:
[...]
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1:
> temporarily_use_uid: 0/0 (e=0/0)
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: trying public key
> file /root/.ssh/authorized_keys
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: restore_uid: 0/0

I hate this silence in the server-side logging.  Compare to what I see
when I successfully login with pubkey auth:

...
debug1: temporarily_use_uid: 563/22 (e=0/3)
debug1: trying public key file /net/home/wooledg/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /net/home/wooledg/.ssh/authorized_keys, line 1
Found matching RSA key: 9d:58:1d:f9:e5:0b:72:33:3a:93:62:e7:1e:f5:bf:df
debug1: restore_uid: 0/3
debug1: ssh_rsa_verify: signature correct
Accepted publickey for wooledg from 127.0.0.1 port 2879 ssh2
...

I would assume the gaping silence in your logs in between "trying
public key file ...authorized_keys" and "restore_uid: 0/0" is a failure
to open the public key file, though I really wish sshd would say WHY
it failed to open the public key file.

In any case, I'm betting the problem is "permissions of some parent
directory of ~/.ssh".

http://mywiki.wooledge.org/SshKeys
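
Added example (not part of the original message): a shell function that walks from a key file up through its parent directories and reports any component that is group- or world-writable, or owned by someone other than the given user or root, which is the kind of server-side permission problem the reply suspects. It assumes GNU stat and readlink; the function names and the stop-directory argument are illustrative.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU stat/readlink.
# Function names and arguments are hypothetical.

# check_component PATH UID: print findings, return 1 if PATH is unsafe.
check_component() {
    c_path=$1 c_owner=$2
    c_mode=$(stat -L -c '%a' "$c_path") || return 2
    c_uid=$(stat -L -c '%u' "$c_path") || return 2
    c_rc=0
    # Owner must be the account itself or root.
    if [ "$c_uid" -ne 0 ] && [ "$c_uid" -ne "$c_owner" ]; then
        echo "$c_path: owned by uid $c_uid, expected $c_owner or root"
        c_rc=1
    fi
    # A group or other write bit (octal 022) lets another account alter it.
    if [ $(( 0$c_mode & 022 )) -ne 0 ]; then
        echo "$c_path: mode $c_mode is group/world writable"
        c_rc=1
    fi
    return "$c_rc"
}

# audit_key_path FILE [TOP] [UID]: check FILE and every parent up to TOP.
# TOP defaults to /, UID to the caller. Returns 0 only if all are clean.
audit_key_path() {
    a_cur=$(readlink -f "$1") || return 2
    a_top=$(readlink -f "${2:-/}") || return 2
    a_owner=${3:-$(id -u)}
    a_bad=0
    while :; do
        if ! check_component "$a_cur" "$a_owner"; then a_bad=1; fi
        if [ "$a_cur" = "$a_top" ] || [ "$a_cur" = / ]; then break; fi
        a_cur=$(dirname "$a_cur")
    done
    return "$a_bad"
}

# Stand-alone use: sh audit.sh /root/.ssh/authorized_keys / 0
if [ "$#" -gt 0 ]; then audit_key_path "$@"; fi
```

Run it on the server as the account being logged into; any line it prints names a path component worth fixing with chmod or chown.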
