This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: SSH and Remote Key authentication


First off, if I'm reading the debug output correctly, sshd is complaining
about the ownership of the home directory *on the server*.  Is $HOST a
remote machine, or your local (Windows/Cygwin) one?

If $HOST is your local Cygwin machine, note the '+'s after the modes in
the ls output.  They indicate that there are ACLs on the directories not
directly mappable to the normal Unix modes.  The output of "getfacl ~
~/.ssh" should show what those are.  If "StrictModes" is set in your sshd
config, your home directory should not be writable by anyone but you, and
your ~/.ssh should not be readable, writable, or executable by anyone but
you.

Lastly, again if $HOST is the local Cygwin machine, make sure "ntsec" is
set in the CYGWIN environment variable for sshd (or, rather, that it's not
turned off by "nontsec").
	Igor
P.S. You *did* use the supported way (i.e., ssh-host-config) to set up
your Cygwin sshd server, right?

On Sun, 15 Feb 2004, Norman Vine wrote:

> Hi all
>
> I am trying to use SSH remote key authentication
> It appears as if the remote $HOST does not like
> the permissions on my home dir
>
> Any guidance appreciated
> TIA
> Norman
>
> $ cd ~
>
> $ ls -ld
> drwxr-xr-x+  21 $USER      None        32768 Feb 13 06:29 .
>
> $ ls -ld .ssh
> drwx------+   3 $USER      None         4096 Feb 12 13:49 .ssh
>
> $ ssh -v $USER@$HOST
> OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
> debug1: Reading configuration data /home/$USER/.ssh/config
> debug1: Reading configuration data /etc/ssh_config
> debug1: Connecting to $HOST [128.128.109.18] port 22.
> debug1: Connection established.
> debug1: identity file /home/$USER/.ssh/identity type 0
> debug1: identity file /home/$USER/.ssh/id_rsa type 1
> debug1: identity file /home/$USER/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
> debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
> debug1: Local version string SSH-1.5-OpenSSH_3.7.1p2
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key (1024 bits).
> debug1: Host '$HOST' is known and matches the RSA1 host key.
> debug1: Found key in /home/$USER/.ssh/known_hosts:17
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Trying RSA authentication with key '/home/$USER/.ssh/identity'
> debug1: Remote: Authentication refused: bad ownership or modes for directory /home/$USER
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> debug1: Server refused our key.
> debug1: Doing challenge response authentication.
> debug1: No challenge.
> debug1: Doing password authentication.

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton
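
The permission rules stated in the reply above, as a shell check. This is an added example, not part of the original message; the function names `check_dir` and `audit_home` are hypothetical, and GNU `stat` (as in Cygwin's coreutils) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes GNU stat, as shipped with Cygwin's coreutils and on Linux.
# Usage after sourcing this file: audit_home "$HOME"

# check_dir DIR MASK: fail if DIR is not owned by the current user or has
# any permission bit from the octal MASK set; warn when ls shows a '+'.
check_dir() {
    dir=$1; mask=$2; rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    mode=$(stat -c '%a' "$dir")
    owner=$(stat -c '%u' "$dir")
    if [ "$owner" != "$(id -u)" ]; then
        echo "BAD  $dir: owned by uid $owner"; rc=1
    fi
    # Leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "BAD  $dir: mode $mode grants bits in mask $mask"; rc=1
    fi
    # A trailing '+' on the mode string means ACLs beyond the Unix modes.
    case $(ls -ld "$dir" | awk '{print $1}') in
        *+) echo "WARN $dir: ACL present, inspect with: getfacl $dir" ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK   $dir ($mode)"
    return "$rc"
}

# audit_home HOME: the home directory must not be writable by group or
# other (mask 022); HOME/.ssh must grant nothing to group or other (077).
audit_home() {
    bad=0
    check_dir "$1" 022 || bad=1
    check_dir "$1/.ssh" 077 || bad=1
    return "$bad"
}
```

Run it on the machine where sshd runs, as the account being logged into, since the refusal in the debug output comes from the server side.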
