Date: Sat, 14 Sep 2019 07:09:17 -0400 From: Aryeh Friedman <aryeh.friedman@gmail.com> To: Matthew Seaman <matthew@freebsd.org> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: OT: My ssh authorized_keys doesn't work with nfs/nis Message-ID: <CAGBxaXmyX-YT4=1aH5dCRT4sj0H1ZMxnOnKO4ctVf=vtWqY=5Q@mail.gmail.com> In-Reply-To: <0b5eed49-986a-d40e-7df9-971a47cb500e@FreeBSD.org> References: <CAGBxaXkVQNE6deyWs9JXh9vqmKz8tLc9HfqC8ZmBLrK2jv7p3A@mail.gmail.com> <0b5eed49-986a-d40e-7df9-971a47cb500e@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 14, 2019 at 6:50 AM Matthew Seaman <matthew@freebsd.org> wrote: > On 14/09/2019 08:39, Aryeh Friedman wrote: > > My ~/.ssh/authorized_keys files works fine on a machine that is not in my > > NIS domain but when I copy my id_rsa.pub (which is what I did to create > the > > non-NIS authorized_keys) to my NIS account and give it the same > permissions > > as the working machine it insists on asking for a password. > > > > ssh faraway (non-NIS machine) > > does not ask for a password > > but > > ssh nearby (NIS machine) does > > > > Both have identical authorized keys and both (and their parent dirs) are > > set to 644. Both machines are FreeBSD 11 and the machine doing the ssh > > call is FreeBSD 12 > > > > Check the ownership / permissions on ~/.ssh on the machine where key > based auth is not working -- sshd will refuse to use authorized_keys if > it thinks permissions are too loose. > I don't think you can make them any tighter then this and not get errors: aryeh% id uid=1001(aryeh) gid=1001(aryeh) groups=1001(aryeh),0(wheel),1003(aegis) aryeh% ls -ld .ssh drwx------ 2 aryeh aryeh 512 Sep 14 06:49 .ssh aryeh% ls -l .ssh total 16 -rw------- 1 aryeh aryeh 792 Sep 14 05:02 authorized_keys -rw------- 1 aryeh aryeh 1675 Aug 30 11:09 id_rsa -rw------- 1 aryeh aryeh 396 Aug 30 11:09 id_rsa.pub -rw------- 1 aryeh aryeh 545 Sep 14 03:19 known_hosts > Also check for authorized_keys related settings in /etc/ssh/sshd_config > -- it is not uncommon to require authorized_keys to be installed in some > centralized, root owned directory that individual users don't have write > access to. > I am using the default out of the box /etc/sshd_config for 11 and 12 that has only two uncommented out configs: AuthorizedKeysFile .ssh/authorized_keys Subsystem sftp /usr/libexec/sftp-server So unless I am reading the first one completely wrong then it uses ~user/.ssh/authorized_keys which is what the ls above is of. > Cheers, > > Matthew > > -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGBxaXmyX-YT4=1aH5dCRT4sj0H1ZMxnOnKO4ctVf=vtWqY=5Q>