Date: Sat, 14 Sep 2019 11:50:40 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: OT: My ssh authorized_keys doesn't work with nfs/nis Message-ID: <0b5eed49-986a-d40e-7df9-971a47cb500e@FreeBSD.org> In-Reply-To: <CAGBxaXkVQNE6deyWs9JXh9vqmKz8tLc9HfqC8ZmBLrK2jv7p3A@mail.gmail.com> References: <CAGBxaXkVQNE6deyWs9JXh9vqmKz8tLc9HfqC8ZmBLrK2jv7p3A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --KqAHplyVs4O6xDSibiGlhZ1WUknoz2Bqp Content-Type: multipart/mixed; boundary="0QOLM0ldYWYsI3MNTfg9Ob56vOrVO11zN"; protected-headers="v1" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Message-ID: <0b5eed49-986a-d40e-7df9-971a47cb500e@FreeBSD.org> Subject: Re: OT: My ssh authorized_keys doesn't work with nfs/nis References: <CAGBxaXkVQNE6deyWs9JXh9vqmKz8tLc9HfqC8ZmBLrK2jv7p3A@mail.gmail.com> In-Reply-To: <CAGBxaXkVQNE6deyWs9JXh9vqmKz8tLc9HfqC8ZmBLrK2jv7p3A@mail.gmail.com> --0QOLM0ldYWYsI3MNTfg9Ob56vOrVO11zN Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 14/09/2019 08:39, Aryeh Friedman wrote: > My ~/.ssh/authorized_keys files works fine on a machine that is not in = my > NIS domain but when I copy my id_rsa.pub (which is what I did to create= the > non-NIS authorized_keys) to my NIS account and give it the same permiss= ions > as the working machine it insists on asking for a password. >=20 > ssh faraway (non-NIS machine) > does not ask for a password > but > ssh nearby (NIS machine) does >=20 > Both have identical authorized keys and both (and their parent dirs) ar= e > set to 644. Both machines are FreeBSD 11 and the machine doing the ssh= > call is FreeBSD 12 >=20 Check the ownership / permissions on ~/.ssh on the machine where key based auth is not working -- sshd will refuse to use authorized_keys if it thinks permissions are too loose. Also check for authorized_keys related settings in /etc/ssh/sshd_config -- it is not uncommon to require authorized_keys to be installed in some centralized, root owned directory that individual users don't have write access to. Cheers, Matthew --0QOLM0ldYWYsI3MNTfg9Ob56vOrVO11zN-- --KqAHplyVs4O6xDSibiGlhZ1WUknoz2Bqp Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAl18xgFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5 RjE1NEVDQkYxMTJFNTA1NDRFM0YzMDAwNTEzRjEwRTBBOUU0RTcACgkQAFE/EOCp 5OeUaRAAhVMo6kE4F2t6x9tRkFCTrOVBYJB3CnNoHSxE/DpMYVr7ovwt5oBKrB6l +VWrKYKecOqvJpPdwVbAqdHP1OM5Z8lzRxbH/vvwkTIiynxJt+3g5zAFOZFKqbTA JKYeImjUc8BBs1BXUgjzZMS9Dn2TiXLDXlCOnUqlsB0AiI2cWvaz+/xxs/alv6bt 1U4T6xLvCzUnUaf2fBtxz54a7ARA28knwo4szc43xQCOjtX9BKZMny5ZffYPFzCI QpRQeWynfvz7F1DBIgbrrKt6TWzJ4NOII3dQYO+rdsEJdDkz61907N2JcuZr8eiR ZF+fK0HCSDFlIC7hvm5Wo/5IDwCmgZzFqJdV8p/l4umLyOP/e61+/kCqgaxryyF/ xI4ae1rNRMfNFIA/6ho/nkhGYmIT2kIoSwW/RqCapu/FyCMAO8/OmIYcEt803bwe 0bykcqFMGX4m55kc28/TjYbRx5VWO4ufR9hGpZFWzB3EjYvSgOewLyJHRLq7w5qq nfdxbdutSkdzDrN2kZHCMuKXqTPNPnYUcdS206Zr3Y4BgpQu4ywnTDhrgU14ThHf dzwV0MDIlZcjVhQ/RqQGp4EZfDe22dN4x774h1LKIyMdNo/hL9iqrUHGWxFaz3PF 93sHbJZGIGG/F8ZwaxPiT/2/bQZt9rLbbv647FZCBBAVHqNcxUQ= =o+6w -----END PGP SIGNATURE----- --KqAHplyVs4O6xDSibiGlhZ1WUknoz2Bqp--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0b5eed49-986a-d40e-7df9-971a47cb500e>