Operating System - HP-UX

SSH key generation / home directory

 
GBR
Regular Advisor

SSH key generation / home directory

Good day,

Can anyone tell me why, when I change a user's home directory on the client server, my password-less login doesn't work anymore? I have moved all the appropriate keys to the new home directory and have verified permissions are correct (I have also regenerated the keys to see if that was the problem). Does the .ssh directory always need to be in /home/user/? I'm trying to change the home directory of the user to /var/data/.

Thanks,
Greg
Geoff Wild
Honored Contributor
Solution

Re: SSH key generation / home directory

Did you update the /etc/passwd file?

Also, /home is typically 755 but var is 555 - that could cause an issue...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Denver Osborn
Honored Contributor

Re: SSH key generation / home directory

What are permissions of /var/data, /var/data/.ssh and /var/data/.ssh/authorized_keys?

/var/data and /var/data/.ssh should be owned by the user and can't be group or world writable (unless you set up sshd_config with 'StrictModes no', which I wouldn't recommend).

Check permissions.

-denver
Steven Schweda
Honored Contributor

Re: SSH key generation / home directory

"ssh -v [...]" might tell you something about who is unhappy and why.
GBR
Regular Advisor

Re: SSH key generation / home directory

Folks, thanks.

After reading your comments, I spent some time really analysing the permissions. I had world writable permissions on the home directory.

# chmod 755 homeDir

This did the trick.

Greg
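
The ownership and write-bit rule from Denver's reply, and the 777-to-755 fix reported above, as an added example that is not part of the original thread. The function names are hypothetical, the demo tree is constructed in a temporary directory standing in for /var/data, and `mktemp -d` is assumed to be available.

```shell
#!/bin/sh
# Added example (not from the thread). Reads owner and mode with POSIX `ls -ldn`.

# check_path PATH UID: succeed if PATH is owned by UID or root (uid 0)
# and is neither group- nor world-writable.
check_path() {
    p=$1; want_uid=$2; rc=0
    if [ ! -e "$p" ]; then echo "MISSING   $p"; return 1; fi
    info=$(ls -ldn "$p" | awk '{print $1 " " $3}')
    mode=${info% *}; owner=${info#* }
    gw=$(printf '%s' "$mode" | cut -c6)   # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)   # other write bit
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $p (uid $owner, expected $want_uid or 0)"; rc=1
    fi
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "WRITABLE  $p ($mode is group- or world-writable)"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "ok        $p ($mode)"; fi
    return "$rc"
}

# check_ssh_home HOME UID: check HOME, HOME/.ssh and HOME/.ssh/authorized_keys.
check_ssh_home() {
    home=$1; uid=$2; status=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$f" "$uid" || status=1
    done
    return "$status"
}

# Constructed demo tree standing in for /var/data: fails at 777, passes at 755.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/data/.ssh" && : > "$d/data/.ssh/authorized_keys"
    chmod 700 "$d/data/.ssh"; chmod 600 "$d/data/.ssh/authorized_keys"
    chmod 777 "$d/data"
    check_ssh_home "$d/data" "$(id -u)"; before=$?
    chmod 755 "$d/data"
    check_ssh_home "$d/data" "$(id -u)"; after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```

On a real account, call `check_ssh_home` with the home directory from /etc/passwd and the user's numeric uid.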
Ralph Grothe
Honored Contributor

Re: SSH key generation / home directory

Should make no difference, I would think, if the dir containing the keys was in some other place, as long as the ownership and mode bits for this dir are secure in SSH's view.
But you may have to tell your ssh client where it will find the keys now, and probably also where the known_hosts file can be found now (unless you run with -o stricthostkeychecking=no, but who wants to do that).

e.g.

$ ssh -l remote_user -i /var/data/id_rsa_something -o userknownhostsfile=/var/data/known_hosts remote_host remote_cmd

Please look at what the real filename of the *private* keyfile is.
This is what needs to be passed to -i or -o identityfile=/path/id_rsa_realname.

Though it may work if you provide all the extra options,
using strange locations for ssh client's config makes things really awkward.



Madness, thy name is system administration