From owner-freebsd-questions@freebsd.org Sat Sep 14 11:21:09 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B2F1CF1418 for ; Sat, 14 Sep 2019 11:21:09 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46Vqnc4jC3z3M14 for ; Sat, 14 Sep 2019 11:21:08 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([188.102.97.67]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.167]) with ESMTPA (Nemesis) id 1MLzSD-1hrhib0Jf7-00HwoV; Sat, 14 Sep 2019 13:21:04 +0200 Date: Sat, 14 Sep 2019 13:20:59 +0200 From: Polytropon To: Aryeh Friedman Cc: FreeBSD Mailing List Subject: Re: OT: My ssh authorized_keys doesn't work with nfs/nis Message-Id: <20190914132059.207eef7e.freebsd@edvax.de> In-Reply-To: References: <0b5eed49-986a-d40e-7df9-971a47cb500e@FreeBSD.org> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:BoXz+LUwU72eYjFvZLShIouimbsDt7ejF+1JDSxOj7hjX8A/gdI I1Pkp36GfCuaRJUyE0vOLuNuDFt5Dc7wSMcLyW2fPmNK1h9pBr0VFIbFKIS2AWlxEIfOM6P natxGXA/HHjBN4iyCHhaKeEUgvcO7OyvGwR9tdRVuEEUInXROUZkDa2V7pRltAD1YilUkt1 TGyIHamP2N/8xUbsPz2vQ== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:Nw7omSQ64gc=:up83BNDeHt8JUdCHfItIuS e2ihh1sPgLE+zN+WNBm/jyxQsp4m1K1nEL8z/jtmn7la5ypSm7+EazN4jpCnj+YxegUIxNLJx 8PTuRLzqxWwmFF2F9gJgPbab7zLwGZBN5Kwmcev42gt6llz0sMOYheqnOsGQCNK+6AKnnW01A TPKdaN65j/nBqN2fKVGQ0nSUOJBdDYEAV73crXyd1SXkhCw4OXklcg1FnY/Cb4XTZeRLWb1M3 yqcXIkBfr1y7eFsqlB021QICUWJE9xRrTLkH0IGbJ9hX61RbATqrZ27tmcFOUUFJjNq8e4MjF L7NKZi+Ct8DGGKydxfsMeiodJqnecM8YGrQbK2Vwi20O9aNTu2TFvocRRWAxaGv0NIG5tlTDK Yukh+/JBFcJm069fBiJRkI2Vkl98iyUCFN/musoqwXcjChHqh8lmVad2RQWIc6gwyWLnpH5/j mhfJBBmIARRbwfOBdsoYQGRLKzmNllfwHaetd5MboU4meV84LAN8z7kFJWNcqVCHocFr8YTBB wrVvw9PTNx69OaKxOpp5ofzpFo4hhgQQPVBtK7Tb8fdE1G4FZWhth9mOk80vW5sEMHcvz9kbg ovKz9+4qH7o4CgEO0N9acAMpQ6+pKOBb3qASivURF0h8xm2C8Ho+HlKnDrhKGyPtgiuHwEos1 tqi16Acw/ql9biKQjhPUgtOCE57jYpnx+kokSKHR4FjygGEy4HAA9xo3wxjij88ymvC3FHXdx dX7jfOb9uZ+sjA2bALaK5L9IwcUhDQRSxrFxMUOu9iOqCjrlcIndWn0LU8JUdvAD6rW45h2jc dFV13TejPVIv3rkBiiHoHuCWOPbqbtL066Kl+EW/9X3QxBtdFmD8X4eKtwudO/lGejXWwVizr j9RkZQXJXoW3dorFxwa4DlIn426cBoMwCCpZYrAE8= X-Rspamd-Queue-Id: 46Vqnc4jC3z3M14 X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 212.227.126.131) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [4.68 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; RCVD_TLS_LAST(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[67.97.102.188.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.80)[0.801,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.99)[0.993,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[131.126.227.212.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(0.49)[ip: (1.69), ipnet: 212.227.0.0/16(-1.37), asn: 8560(2.15), country: DE(-0.01)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Sep 2019 11:21:09 -0000 On Sat, 14 Sep 2019 07:09:17 -0400, Aryeh Friedman wrote: > I am using the default out of the box /etc/sshd_config for 11 and 12 that > has only two uncommented out configs: > > AuthorizedKeysFile .ssh/authorized_keys > Subsystem sftp /usr/libexec/sftp-server > > So unless I am reading the first one completely wrong then it uses > ~user/.ssh/authorized_keys which is what the ls above is of. >From "man 5 sshd_config": AuthorizedKeysFile Specifies the file that contains the public keys that can be used for user authentication. AuthorizedKeysFile may contain tokens of the form %T which are substituted during connection setup. The following tokens are defined: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. After expansion, AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory. The default is ``.ssh/authorized_keys''. Maybe you can try to use "%h/.ssh/authorized_keys" or, if it applies, "/usr/home/%u/.ssh/authorized_keys" to check if this is a path problem? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...