ssh key rejection, permissions (was: [Linux-disciples] first question)

Adam Kessel linux-disciples@bostoncoop.net
Sat, 12 Jul 2003 14:09:47 -0400



Taking a look at your bostoncoop account, you've got some weird going on:

bostoncoop:~>ls -al /home/ntrivedi

drwxr-xrwx   28 ntrivedi ntrivedi     4096 Jul 12 12:13 .
drwxrwsr-x   54 root     staff        4096 Jul  9 23:53 ..

....

The first line there means that your account is world-writable.  I.e.,
anyone on bostoncoop can write to your directory.

Looking at the bostoncoop error log (/var/log/auth.log), I see:

Jul 12 13:58:50 bostoncoop sshd[21445]: Authentication refused: bad ownership or modes for directory /maxtor/home/ntrivedi

I think ssh is refusing to recognize your key because security has been
compromised; your home directory is world writable. No good.

You can change it by logging into bostoncoop and typing:

chmod o-w .

This takes away world write permissions from your home directory.  You
could also do:

chmod o-rw .

Which would take away read and write permissions from the world from your
home directory.

I'm not sure how your directory got that way, but it's a bad way to be.

--Adam

On Sat, Jul 12, 2003 at 12:13:14PM -0400, Nirmal Trivedi wrote:
> OK, so I'll inaugurate myself with a question:
>
> I've just started having difficulty retrieving my mail off of bostoncoop
> (using fetchmail). I've also just started having to type my password when I
> ssh into bostoncoop, even though I've been using a public-key authentication.
> Are these two problems related?
>
> Here's my .fetchmailrc log
> --
> fetchmail: starting fetchmail 5.9.11 daemon
> Host key verification failed.^M
> fetchmail: socket error while fetching from mail.bostoncoop.net
> fetchmail: Query status=2 (SOCKET)
> fetchmail: awakened by User defined signal 1
> Host key verification failed.^M
> fetchmail: socket error while fetching from mail.bostoncoop.net
> fetchmail: Query status=2 (SOCKET)
> fetchmail: awakened by User defined signal 1
> fetchmail: 28 messages (28 seen) for ntrivedi at mail.bostoncoop.net.
>
> --Nirmal
>
> _______________________________________________
> Linux-disciples mailing list
> Linux-disciples@bostoncoop.net
> http://bostoncoop.net/mailman/listinfo/linux-disciples
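
Added example, not part of the original message: a Python sketch of the ownership and mode test behind the auth.log line above, assuming sshd's StrictModes behaviour (each path from authorized_keys up to the home directory must be owned by the user or root and must not be group- or world-writable). The function names and the temporary home directory with its 0757 mode are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile

def strictmodes_problems(home, uid, keyfile=".ssh/authorized_keys"):
    """List (path, reason) pairs an sshd StrictModes-style check rejects."""
    # Assumed rule: each path from the key file up to the home directory must
    # be owned by the user or root and not be group- or world-writable.
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, keyfile))
    problems = []
    while True:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            st = None  # a missing key file or .ssh is not a permissions fault
        if st is not None:
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid not in (0, uid):
                problems.append((path, "owned by uid %d" % st.st_uid))
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append((path, "mode %04o is group/world-writable" % mode))
        parent = os.path.dirname(path)
        if path == home or parent == path:  # stop at the home directory (or /)
            break
        path = parent
    return problems

def demo():
    """Constructed home directory carrying the drwxr-xrwx (0757) mode."""
    home = os.path.realpath(tempfile.mkdtemp())
    os.mkdir(os.path.join(home, ".ssh"), 0o700)
    keyfile = os.path.join(home, ".ssh", "authorized_keys")
    with open(keyfile, "w") as fh:
        fh.write("ssh-rsa AAAA-constructed-placeholder user@example\n")
    os.chmod(keyfile, 0o600)
    os.chmod(home, 0o757)
    before = strictmodes_problems(home, os.getuid())
    # Same effect as running "chmod o-w ." inside the directory.
    os.chmod(home, stat.S_IMODE(os.stat(home).st_mode) & ~stat.S_IWOTH)
    after = strictmodes_problems(home, os.getuid())
    shutil.rmtree(home)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Calling strictmodes_problems() on a real home directory with the account's uid lists every path that needs a chmod or chown before key authentication is accepted again.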
