linux - Passwordless SSH works only in debug mode


I have 2 machines with identical users and need passwordless SSH between them. I have 2 users: medya and orainst.

medya's home is /home/medya/ and orainst's home is /tools/appsw/oracle/orainst.

I have set up passwordless SSH for both of them (yes, I swear I did the permissions, religiously).

It works for the user in a normal home directory (medya), but not for orainst.

And the weirdest thing is, if I run the SSH server in debug mode, it works fine for both users!

Here are the logs for both: sshd started as a service, and sshd started in debug mode.

Here is where it fails:

debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys
debug1: not open authorized keys '/tools/appsw/oracle/orainst/.ssh/authorized_keys': permission denied
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys

Here is the full log:

[root@ip-10-16-4-114 oracle]# service sshd start
starting sshd: debug1: sshd version openssh_5.3p1
debug1: read pem private key done: type rsa
debug1: private host key: #0 type 1 rsa
debug1: read pem private key done: type dsa
debug1: private host key: #1 type 2 dsa
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
set /proc/self/oom_score_adj 0 -1000
debug1: bind port 22 on 0.0.0.0.
server listening on 0.0.0.0 port 22.
debug1: bind port 22 on ::.
server listening on :: port 22.
debug1: server not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
connection 10.16.4.113 port 56175
debug1: client protocol version 2.0; client software version openssh_5.3
debug1: match: openssh_5.3 pat openssh*
debug1: enabling compatibility mode protocol 2.0
debug1: local version string ssh-2.0-openssh_5.3
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: ssh2_msg_kexinit sent
debug1: ssh2_msg_kexinit received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: ssh2_msg_kex_dh_gex_request received
debug1: ssh2_msg_kex_dh_gex_group sent
debug1: expecting ssh2_msg_kex_dh_gex_init
debug1: ssh2_msg_kex_dh_gex_reply sent
debug1: ssh2_msg_newkeys sent
debug1: expecting ssh2_msg_newkeys
debug1: ssh2_msg_newkeys received
debug1: kex done
debug1: userauth-request user orainst service ssh-connection method none
debug1: attempt 0 failures 0
debug1: pam: initializing "orainst"
debug1: pam: setting pam_rhost "10.16.4.113"
debug1: pam: setting pam_tty "ssh"
debug1: userauth-request user orainst service ssh-connection method publickey
debug1: attempt 1 failures 0
debug1: temporarily_use_uid: 500/500 (e=0/0)
**debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys
debug1: not open authorized keys '/tools/appsw/oracle/orainst/.ssh/authorized_keys': permission denied
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys**
debug1: not open authorized keys '/tools/appsw/oracle/orainst/.ssh/authorized_keys': permission denied
debug1: restore_uid: 0/0
failed publickey orainst 10.16.4.113 port 56175 ssh2
connection closed 10.16.4.113
debug1: do_cleanup
debug1: do_cleanup
debug1: pam: cleanup

And here is the log when running the SSH server in debug mode (when run like this, both users can use passwordless SSH):

[root@ip-10-16-4-114 oracle]# /usr/sbin/sshd -d -p 2222
debug1: sshd version openssh_5.3p1
debug1: read pem private key done: type rsa
debug1: private host key: #0 type 1 rsa
debug1: read pem private key done: type dsa
debug1: private host key: #1 type 2 dsa
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
set /proc/self/oom_score_adj 0 -1000
debug1: bind port 2222 on 0.0.0.0.
server listening on 0.0.0.0 port 2222.
debug1: bind port 2222 on ::.
server listening on :: port 2222.
debug1: server not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
connection 10.16.4.113 port 47631
debug1: client protocol version 2.0; client software version openssh_5.3
debug1: match: openssh_5.3 pat openssh*
debug1: enabling compatibility mode protocol 2.0
debug1: local version string ssh-2.0-openssh_5.3
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: ssh2_msg_kexinit sent
debug1: ssh2_msg_kexinit received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: ssh2_msg_kex_dh_gex_request received
debug1: ssh2_msg_kex_dh_gex_group sent
debug1: expecting ssh2_msg_kex_dh_gex_init
debug1: ssh2_msg_kex_dh_gex_reply sent
debug1: ssh2_msg_newkeys sent
debug1: expecting ssh2_msg_newkeys
debug1: ssh2_msg_newkeys received
debug1: kex done
debug1: userauth-request user orainst service ssh-connection method none
debug1: attempt 0 failures 0
debug1: pam: initializing "orainst"
debug1: pam: setting pam_rhost "10.16.4.113"
debug1: pam: setting pam_tty "ssh"
debug1: userauth-request user orainst service ssh-connection method publickey
debug1: attempt 1 failures 0
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys
debug1: fd 4 clearing o_nonblock
debug1: matching key found: file /tools/appsw/oracle/orainst/.ssh/authorized_keys, line 1
found matching rsa key: 6c:ab:f3:3b:68:c3:ed:f1:d6:ae:a5:f8:06:2f:d3:8c
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
accepted publickey orainst 10.16.4.113 port 47631 ssh2
debug1: monitor_child_preauth: orainst has been authenticated privileged process
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: ssh_gssapi_storecreds: not gssapi mechanism
debug1: restore_uid: 0/0
debug1: selinux support enabled
debug1: pam: establishing credentials
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: ssh_gssapi_storecreds: not gssapi mechanism
debug1: restore_uid: 0/0
user child on pid 6171
debug1: pam: establishing credentials
debug1: permanently_set_uid: 500/500
debug1: entering interactive session ssh2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/1
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell

I believe the true problem is that the existence of a symbolic link in the path to the .ssh folder triggers a check of permissions. Similar to how SELinux requires the authorized_keys file to disallow group write access to the file (have a chmod value of 600, essentially), it enforces the same rule on the .ssh folder and on symbolic links in the path to the authorized_keys file.

The answer here is, I think, good: https://unix.stackexchange.com/questions/152417/why-cant-i-use-public-private-key-authentication-with-ssh-on-arch-linux
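A way to inspect the conditions the answer names, as an added example that is not part of the original post: the script walks every path component from an authorized_keys file up to a stop directory and reports owner, mode, SELinux label, symlinks and group/other write bits. The function name `audit_key_path` and its arguments are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Audits every path component
# from an authorized_keys file up to a stop directory and prints one line
# per component. Returns 1 if anything was flagged. Assumes GNU stat.
# Usage: audit_key_path FILE OWNER [STOP_DIR]   (STOP_DIR defaults to /)
audit_key_path() {
    path=$1; owner=$2; stop=${3:-/}; bad=0
    while :; do
        flags=; own=-; mode=-; ctx=-
        # A symlink anywhere in the path is reported for review.
        if [ -L "$path" ]; then
            flags="$flags symlink->$(readlink "$path")"
        fi
        if [ ! -e "$path" ]; then
            flags="$flags missing"
        else
            own=$(stat -L -c %U "$path")
            mode=$(stat -L -c %a "$path")
            # SELinux label, or '?' where the system has none.
            ctx=$(stat -L -c %C "$path" 2>/dev/null) || ctx='?'
            # Owner is expected to be the account itself or root.
            case $own in
                "$owner"|root) ;;
                *) flags="$flags owner=$own" ;;
            esac
            # Octal 022 = group-write | other-write.
            if [ $(( 0$mode & 022 )) -ne 0 ]; then
                flags="$flags group/other-writable"
            fi
        fi
        printf '%-5s %-10s %s %s%s\n' "$mode" "$own" "$ctx" "$path" \
            "${flags:+  <--$flags}"
        if [ -n "$flags" ]; then bad=1; fi
        case $path in "$stop"|/|.) break ;; esac
        path=$(dirname "$path")
    done
    return "$bad"
}

# Run directly: sh audit.sh /path/to/.ssh/authorized_keys user [stop_dir]
if [ $# -ge 2 ]; then
    audit_key_path "$@"
fi
```

Running it once for /home/medya/.ssh/authorized_keys and once for /tools/appsw/oracle/orainst/.ssh/authorized_keys puts the working and failing paths side by side, so any difference in mode, owner, symlink or label stands out.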

