Wednesday, April 28, 2010

Modes matter for password-less login

I typically set up keys to allow myself password-less access to remote development servers that I use all the time. Today the typical ssh-keygen/deploy public-key routine didn't work as expected. After deploying my public key to the remote's authorized_keys, I was still getting prompted for a login.

Found this in /var/log/secure.

Apr 28 12:51:35 theserver sshd[16285]: Authentication refused: bad ownership or modes for directory /home/theuser

It turns out the failure was due to the user's group permissions on the remote machine for two important folders. Both the home folder and the .ssh folder had the following permissions:

drwxrwx--- 36 theuser thegroup 4096 Apr 28 11:56 ..

chmod 700 for both /home/theuser and /home/theuser/.ssh fixed the problem.
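
The condition behind that log line can be checked before sshd refuses the key. The following is an added example, not part of the original post: a shell function that flags the home directory, .ssh, or authorized_keys when any of them is group- or world-writable (as the 770 mode above is) or owned by someone other than the account or root, plus the chmod 700 fix from the post. The function names and the optional uid argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the paths whose ownership and modes matter for
# key-based login, then apply the fix described in the post.

# check_ssh_modes HOME_DIR [OWNER_UID]
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssh_modes() {
    home=$1
    owner=${2:-$(id -u)}   # expected owner uid; defaults to the caller (assumption)
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # Group-writable or world-writable: the problem with drwxrwx--- (770).
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "bad mode: $p"
            rc=1
        fi
        # Owned by neither the expected account nor root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$owner" ! -user 0 -print)" ]; then
            echo "bad owner: $p"
            rc=1
        fi
    done
    return $rc
}

# fix_ssh_modes HOME_DIR
# The fix from the post: chmod 700 on the home directory and on .ssh.
fix_ssh_modes() {
    chmod 700 "$1" "$1/.ssh"
}
```

On the server, run it as root with the account's uid, for example `check_ssh_modes /home/theuser "$(id -u theuser)"`, and compare the output with the path named in /var/log/secure.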