Date:      Sat, 14 Sep 2019 08:40:59 -0400
From:      Aryeh Friedman <aryeh.friedman@gmail.com>
To:        Polytropon <freebsd@edvax.de>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: OT: My ssh authorized_keys doesn't work with nfs/nis
Message-ID:  <CAGBxaX=-Nfq-M_PmHpzfujvh2YiKVQ2E96LZNp%2BtmdgrY%2BMdqw@mail.gmail.com>
In-Reply-To: <20190914143635.95f83f06.freebsd@edvax.de>
References:  <CAGBxaXkVQNE6deyWs9JXh9vqmKz8tLc9HfqC8ZmBLrK2jv7p3A@mail.gmail.com> <0b5eed49-986a-d40e-7df9-971a47cb500e@FreeBSD.org> <CAGBxaXmyX-YT4=1aH5dCRT4sj0H1ZMxnOnKO4ctVf=vtWqY=5Q@mail.gmail.com> <20190914132059.207eef7e.freebsd@edvax.de> <CAGBxaXmt1bH78sbGJzbLoAvzSN9mRfbWW89AFjQpuiXG9DVrCA@mail.gmail.com> <20190914143635.95f83f06.freebsd@edvax.de>

On Sat, Sep 14, 2019 at 8:36 AM Polytropon <freebsd@edvax.de> wrote:

> On Sat, 14 Sep 2019 07:36:26 -0400, Aryeh Friedman wrote:
> > On Sat, Sep 14, 2019 at 7:21 AM Polytropon <freebsd@edvax.de> wrote:
> >
> > > On Sat, 14 Sep 2019 07:09:17 -0400, Aryeh Friedman wrote:
> > > > I am using the default out of the box /etc/sshd_config for 11 and 12 that
> > > > has only two uncommented out configs:
> > > >
> > > > AuthorizedKeysFile .ssh/authorized_keys
> > > > Subsystem sftp /usr/libexec/sftp-server
> > > >
> > > > So unless I am reading the first one completely wrong then it uses
> > > > ~user/.ssh/authorized_keys which is what the ls above is of.
> > >
> > > From "man 5 sshd_config":
> > >
> > >      AuthorizedKeysFile
> > >              Specifies the file that contains the public keys that can be used
> > >              for user authentication.  AuthorizedKeysFile may contain tokens
> > >              of the form %T which are substituted during connection setup.
> > >              The following tokens are defined: %% is replaced by a literal
> > >              '%', %h is replaced by the home directory of the user being
> > >              authenticated, and %u is replaced by the username of that user.
> > >              After expansion, AuthorizedKeysFile is taken to be an absolute
> > >              path or one relative to the user's home directory.  The default
> > >              is ``.ssh/authorized_keys''.
> > >
> > > Maybe you can try to use "%h/.ssh/authorized_keys" or, if it applies,
> > > "/usr/home/%u/.ssh/authorized_keys" to check if this is a path problem?
> > >
> >
> > Neither idea works and I don't think we are using the same version of sshd
> > (yours must be from ports or something, mine is from base)... [...]
>
> It is. :-)
>
>
>
> > [...] because the
> > same section of the man page reads nothing like what you posted:
> >
> >     AuthorizedKeysFile
> >              Specifies the file that contains the public keys used for user
> >              authentication.  The format is described in the AUTHORIZED_KEYS
> >              FILE FORMAT section of sshd(8).  Arguments to AuthorizedKeysFile
> >              accept the tokens described in the TOKENS section.  After
> >              expansion, AuthorizedKeysFile is taken to be an absolute path or
> >              one relative to the user's home directory.  Multiple files may be
> >              listed, separated by whitespace.  Alternately this option may be
> >              set to none to skip checking for user keys in files.  The default
> >              is ".ssh/authorized_keys .ssh/authorized_keys2".
>
> I assume the documentation source listed there will tell you
> roughly the same. Maybe the keys path wasn't constructed as
> required?
>

Unless the default config file shipped with FreeBSD is fundamentally broken
(which it is not because it *DOES* work on a host that has no NFS/NIS....
[the original post showed the results of it on two different machines with
the only difference being that "nearby" uses nfs/nis to mount home dirs and
manage login ids and "faraway" does not... both are using default configs that
were installed by bsdinstall at the time of system install and untouched
by me ever since).... so I am willing to categorically rule out path issues
because same files in the same location on two different machines behave
differently with the same config.

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
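
Added example, not part of the original message or of OpenSSH: a Python sketch of the AuthorizedKeysFile resolution rules quoted from sshd_config(5) in this thread, useful for listing the exact paths to inspect on each host. It handles only the %%, %h and %u tokens named in the quoted text; the user name and home directory in the usage are constructed values.

```python
# Added example: resolve AuthorizedKeysFile values per the quoted man page text.
import posixpath


def expand_tokens(pattern, user, home):
    """Expand %%, %h and %u; reject any other %-token instead of guessing."""
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        if i + 1 >= len(pattern):
            raise ValueError("dangling '%' in " + repr(pattern))
        tok = pattern[i + 1]
        if tok == "%":
            out.append("%")
        elif tok == "h":
            out.append(home)
        elif tok == "u":
            out.append(user)
        else:
            raise ValueError("unsupported token %" + tok)
        i += 2
    return "".join(out)


def resolve_authorized_keys(value, user, home):
    """Return the absolute paths named by one AuthorizedKeysFile value."""
    entries = value.split()          # multiple files, separated by whitespace
    if entries == ["none"]:          # "none" skips checking key files
        return []
    paths = []
    for entry in entries:
        expanded = expand_tokens(entry, user, home)
        if not posixpath.isabs(expanded):
            # After expansion, a relative path is relative to the home directory.
            expanded = posixpath.join(home, expanded)
        paths.append(posixpath.normpath(expanded))
    return paths


if __name__ == "__main__":
    # Constructed sample account; substitute the real user and home directory.
    for value in (".ssh/authorized_keys", "%h/.ssh/authorized_keys",
                  "/usr/home/%u/.ssh/authorized_keys"):
        print(value, "->", resolve_authorized_keys(value, "aryeh", "/usr/home/aryeh"))
```
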