Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable To Perform A "Passwordless" SSH Login To A Server
Operating Systems HP-UX Unable To Perform A "Passwordless" SSH Login To A Server Post 302515674 by Rob Sandifer on Wednesday 20th of April 2011 04:05:14 PM
Old 04-20-2011
Okay, I finally discovered what the problem was and fixed it. I would like to share the solution with the members of this thread because, even though the problem is now fixed, there was something in the solution
that I am not understanding (detailed down below).

Upon reading the system log (/var/adm/log/syslog/syslog.log), it reads as follows:

Apr 20 10:33:30 fyman00 sshd[25874]: Authentication refused: bad ownership or modes for directory /root

That, of course, got me in the ballpark...

I then looked at the permissions on /

# ls -al /
drwxrwxrwx 5 root bin 96 Apr 16 14:55 root

At that point, I knew the problem was going to be either "root bin" (improper owner) or "drwxrwxrwx" (incorrect permissions) or a
combination of both on the file /root

To determine which was the culprit, I corrected each one separately and then tested separately.

I then set the ownership to the correct setting: "root root". Retested and still could not achieve a successful passwordless (publickey) login. I then changed the mode to drwxr-xr-x I retested and then, you guessed it, I was able to successfully achieve a passwordless login. The final correction to /root reads as follows:

drwxr-xr-x 5 root root 96 Apr 16 14:55 root

Okay, here is the part that I do not understand: Why, after changing the mode from a LESS restrictive setting (drwxrwxrwx) to a MORE restrictive setting (drwxr-xr-x), why was I then allowed to finally authenticate correctly? This seems so counterintuitve... I'm quite certain that I am overlooking something rather basic...

Any ideas so I can finally put this one to bed? Thanks!

Rob S.

 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

No utpmx entry: you must exec "login" from lowest level "shell"

Hi I have installed solaris 10 on an intel machine. Logged in as root. In CDE, i open terminal session, type login alex (normal user account) and password and i get this message No utpmx entry: you must exec "login" from lowest level "shell" :confused: What i want is: open various... (0 Replies)
Discussion started by: peterpan
0 Replies

2. Shell Programming and Scripting

script that can give login password for "ssh" without involving STDIN

Hi Folks, I am writing a shell script that can logon to remote machine automatically. But, I am facing one problem. I am using "ssh" command in script and while login into remote machine it asks for passowrd and it stops for STDIN input for password. I want my script to supply password... (2 Replies)
Discussion started by: gydave
2 Replies

3. UNIX for Dummies Questions & Answers

how to install "source" command!/ broken "login.cl"!

Hello, I am new to this forums and this is my first "asking help" message! i have 2 problems: 1- for unknown reasons the "source" command is not avalable in my system (UBUNTU). i can't either see it in my bin directory! 2- again for unknown reasons the "login.cl" file in the home... (0 Replies)
Discussion started by: astrosona
0 Replies

4. UNIX for Advanced & Expert Users

How to allow particular user only to login as a root using "ssh" ?

Q1 I want to allow particular user only to login into root using ssh. I have set PermitRootLogin no for security purpose but I want to allow some of the users to login as a root using ssh how to do this? I have tried with Allowusers user1 user2 its working for only the user1 and... (3 Replies)
Discussion started by: ungalnanban
3 Replies

5. AIX

ssh public key auth "Remote login for account is not allowed" ?

Hello, Using AIX 6.1 boxes. User user1 connects from box A to box B using ssh. When password authentication is used everything is fine. When I configure user1 to use public key authentication sftp client works fine(no password asked), but ssh client fails. This is sshd log: Accepted publickey... (3 Replies)
Discussion started by: vilius
3 Replies

6. Shell Programming and Scripting

login to more than one pc (simultaneously) using "ssh"

Hi all, can any one have idea that " how to login to more than one PC (simultaneously) using "ssh" "? (1 Reply)
Discussion started by: kavi.mogu
1 Replies

7. UNIX for Dummies Questions & Answers

What is the significance of sh -s in ssh -qtt ${user}@${host} "sh -s "${version}"" < test.sh?

Please can you help me understand the significance of providing arguments under sh -s in > ssh -qtt ${user}@${host} "sh -s "${version}"" < test.sh (4 Replies)
Discussion started by: Sree10
4 Replies

8. AIX

Nim server "Unable to execute remote client commands"

Hello, What is its mean? Could you please help me? Best regards, root@nimserver:/> nimadm -j nimadmvg -c dev4 -s spot1 -l lpp_source1 -d "hdisk7" -Y Initializing the NIM master. Initializing NIM client dev4. 0042-006 c_rsh: (exec_nimsh_cmd) exec_cmd Error 0 poll: setup failure... (2 Replies)
Discussion started by: getrue
2 Replies

LEARN ABOUT SUSE

ssh-keysign

SSH-KEYSIGN(8)						    BSD System Manager's Manual 					    SSH-KEYSIGN(8)

NAME

     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS

     ssh-keysign

DESCRIPTION

     ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with
     SSH protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
     EnableSSHKeysign to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).  See ssh(1) and sshd(8) for more information about host-based authen-
     tication.

FILES

     /etc/ssh/ssh_config
	     Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
	     These files contain the private parts of the host keys used to generate the digital signature.  They should be owned by root, read-
	     able only by root, and not accessible to others.  Since they are readable only by root, ssh-keysign must be set-uid root if host-
	     based authentication is used.

SEE ALSO

     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY

     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS

     Markus Friedl <markus@openbsd.org>

BSD
								   May 31, 2007 							       BSD
All times are GMT -4. The time now is 03:31 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy