Frazzled on id_dsa.pub logins (long post with ssh -vvv)
Michael Johnson
mjohnson at coderyte.com
Fri Mar 31 04:23:59 UTC 2006
On Mar 30, 2006, at 11:09 PM, Cameron Simpson wrote:
> This seems nasty. I would say your local /root/.ssh/id_dsa key is
> busted. You did install it? Your ssh-keygen took place in /tmp,
> so we should check.
It's cool...no problems with it.
> Well, check locally first (though if it's working for other remote
> machines I doubt anything is wrong). It is possible that root has
> more than one key (id_dsa and maybe another?) and the other key is
> getting you into the other machines. Unlikely...
>
> | OpenSSH 3.6.1p2 on RHEL AS3. On the remote machine I have this log
> | entry:
> | authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> | rhost=machine.domain.tld user=root
>
> This is from /var/log/secure?
Nope...but this comment got me to look there. =-)
sshd[15622]: Authentication refused: bad ownership or modes for directory /root/.ssh
> I'd check:
>
> /root
> No public or group write perms on /root, /root/.ssh or the
> authorized_keys file.
Ding ding ding...we have a winner.
The permissions were fine, but the ownership was messed up. I
restored /root/.ssh to root:root and it was fine.
I guess it helps to look in the right log file.
Thanks for the kick in the head. Staring at a problem too long and
hard can make you completely miss the obvious.
-Michael
--
----------------------------------------------------------
| Michael Johnson | Sr. Systems Engineer |
| mjohnson at coderyte.com | CodeRyte |
| +1-301-951-5315 | http://www.coderyte.com/ |
----------------------------------------------------------
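
The ownership and mode test behind the "bad ownership or modes" log line above can be run locally before retrying a login. This is an added example, not part of the original post and not OpenSSH's own code; the function names are hypothetical, and it assumes the rule sshd applies with StrictModes enabled: each path must be owned by the account or by root and must not be group- or world-writable.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes ownership/mode test.
# Function names are hypothetical. Usage: check_ssh_strictmodes /root 0

# check_one PATH UID: print a finding and return 1 if PATH would be refused
check_one() {
    path=$1; want_uid=$2; rc=0
    [ -e "$path" ] || return 0   # a missing path is not a modes problem
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner
    read -r mode _links owner _rest <<EOF
$(ls -ldn "$path")
EOF
    # Owner must be the account itself or root (uid 0)
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "bad ownership: $path owned by uid $owner, want $want_uid or 0"
        rc=1
    fi
    # No group or other write bit (equivalent to mode & 022 == 0)
    case $mode in
        ?????w*|????????w*)
            echo "bad modes: $path is $mode (group/other writable)"
            rc=1 ;;
    esac
    return $rc
}

# check_ssh_strictmodes HOME UID: test the home directory, .ssh and
# authorized_keys; returns 0 only if all of them pass
check_ssh_strictmodes() {
    home=$1; uid=$2; status=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_one "$p" "$uid" || status=1
    done
    return $status
}
```
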
More information about the redhat-list mailing list