Re: SSH / permissions problem



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/13/2010 10:49 AM, Gary Stainburn wrote:
Hi folks,

This seems like de ja vu, but I can't find anything in the archives.

I've got F13 on my laptop, and also on a new virtual server.

I've copied my home directory from my old server to my new one and then tried
to ssh to the new server. However, I have a problem

If I ssh to root on the new server everything is fine, but if I ssh to my user
I get errors and X forwarding doesn't work.

Can anyone suggest things for me to look at / try.

Gary

[gary@dcomp5 ~]$ ssh -Y -C lcomp3 -l root
root@lcomp3's password:
Last login: Tue Jul 13 16:04:20 2010 from gary.ringways.co.uk
[root@lcomp3 ~]# kcalc
[root@lcomp3 ~]# logout
[gary@dcomp5 ~]$ ssh -Y -C lcomp3
gary@lcomp3's password:
Last login: Tue Jul 13 15:55:16 2010 from gary.ringways.co.uk
/usr/bin/xauth: timeout in locking authority file /home/gary/.Xauthority
[gary@lcomp3 ~]$ kcalc
X11 connection rejected because of wrong authentication.
kcalc: cannot connect to X server localhost:11.0
[gary@lcomp3 ~]$


If root works, but your local user does not, and you appear to have
gotten beyond the initial login sequence--it seemed to accept password
authentication in both cases--I would suspect something in one of your
~/.bash* files. I've been burned, multiple times, having something in
my .bashrc or .bash_profile that does something "interactive",
forgetting an ssh shell is batch.

I have the same problem when I try to do things in a cron job when I
forget a cron job is also batch.

I have carefully separated my .bash_profile and .bashrc file into those
parts I always want done and those parts that are interactive.

I place a check in my .bashrc file to prevent interactive stuff being
done in a batch job.

# check for shell is not interactive
[ -z "${PS1}" ] && return

As a "quick" test, could you save your .bash_profile and .bashrc files,
get the "default" files, and see if you can ssh in? The default files
should be found /etc/skel/.bash_profile and /etc/skel/.bashrc

Also, I strongly recommend you disable ssh root login and have people
first log into their own account and then su to root. To disable root
login, please look at /etc/ssh/sshd_config.
In this file, I have
PermitRootLogin no

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw8swIACgkQyc8Kn0p/AZRgbACffvA3UUlqVw4ICErb/H7NfLk0
8AcAoKe0WgTDz7OwcDb6gPjjXvjNxJz8
=K3YZ
-----END PGP SIGNATURE-----
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines