HPE Community
Operating System - Linux
1832647 Members
2825 Online
110043 Solutions
New Discussion

Re: $HOME .ssh2 moving config files elsewhere ?

 
Thomas Ritter
Respected Contributor

‎03-01-2009 03:01 PM

‎03-01-2009 03:01 PM

$HOME .ssh2 moving config files elsewhere ?


We host OpenSSH on a linux cluster. We have a NFS file system mounted and find we cannot use
public key authentication if the user's $HOME resides on NFS.

On another SSH2 system we have the controls to move( using ssh2_config) /.ssh2 to any location one decides.
Has anyone moved the default location for authorized_keys etc elsewhere ? Any surprises ?

$ uname -a
Linux secret 2.4.21-52.ELsmp #1 SMP Tue Sep 25 15:13:04 EDT 2007 i686 i686 i386 GNU/Linux
$ rpm -qa|grep openssh
openssh-server-3.6.1p2-33.30.14
openssh-3.6.1p2-33.30.14
openssh-clients-3.6.1p2-33.30.14
0 Kudos
Reply
4 REPLIES 4
Steven Schweda
Honored Contributor

‎03-01-2009 03:31 PM

‎03-01-2009 03:31 PM

Re: $HOME .ssh2 moving config files elsewhere ?

> [...] find we cannot use [...]

Uh, "find" how, exactly? Do you know what
the actual problem is? Owner? Permissions?
Something else? "[C]annot use" is not a
useful description either of what you did or
what happened when you did it.
0 Kudos
Reply
Thomas Ritter
Respected Contributor

‎03-01-2009 03:36 PM

‎03-01-2009 03:36 PM

Re: $HOME .ssh2 moving config files elsewhere ?

Could we be mistaken about PKA and NFS ?
The techos who did the problem solving concluded that NFS is the problem. At this stage I can only take that on face value. However by moving the home directory off NFS enabled Public Key Authentication to function.
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎03-01-2009 04:17 PM

‎03-01-2009 04:17 PM

Re: $HOME .ssh2 moving config files elsewhere ?

> The techos who did the problem solving
> concluded that NFS is the problem.

That's nice, but I can't see any of their
evidence (or reasoning, if any).

> [...] I can only take that on face value.

If you take it at all. (I wouldn't.)

It may be that there's something about your
NFS configuration which causes some (unknown)
kind of problem, but with only "someone said"
as information, it's tough to do more than
speculate. And I've already started to do
that. I do know that SSH is sensitive to
file ownership and permissions, and NFS could
possibly mess with those things, but it
shouldn't need to. So, perhaps avoiding NFS
will help, but I doubt that NFS is
intrinsically fatal to SSH.

It might help to have some actual information
showing what went wrong with SSH in the NFS
situation. Like, say, the transcript of a
failing "ssh" command with a "-v" option,
and, if that doesn't reveal all, any related
complaints in the system log file(s) on the
SSH server system.


> Any surprises ?

The biggest surprise may be not finding the
SSH files in the usual place, which, while
not fatal, may eventually waste more of
people's time than solving the real problem
would.
0 Kudos
Reply
macosta
Trusted Contributor

‎03-02-2009 03:07 PM

‎03-02-2009 03:07 PM

Re: $HOME .ssh2 moving config files elsewhere ?

Not having access to review your system or see log files, I can only guess at the problem, but OpenSSH can and does take security precautions based on when/how a disk is mounted.

For example, I've seen installations that didn't allow me to use pubkey auth because the user $HOME had a symlink in it's path.

There may be an option to turn that safety checking off, assuming it is that cause.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.