Re: SSH / permissions problem



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/13/2010 10:49 AM, Gary Stainburn wrote:
Hi folks,

This seems like de ja vu, but I can't find anything in the archives.

I've got F13 on my laptop, and also on a new virtual server.

I've copied my home directory from my old server to my new one and then tried
to ssh to the new server. However, I have a problem

If I ssh to root on the new server everything is fine, but if I ssh to my user
I get errors and X forwarding doesn't work.

Can anyone suggest things for me to look at / try.

Gary

[gary@dcomp5 ~]$ ssh -Y -C lcomp3 -l root
root@lcomp3's password:
Last login: Tue Jul 13 16:04:20 2010 from gary.ringways.co.uk
[root@lcomp3 ~]# kcalc
[root@lcomp3 ~]# logout
[gary@dcomp5 ~]$ ssh -Y -C lcomp3
gary@lcomp3's password:
Last login: Tue Jul 13 15:55:16 2010 from gary.ringways.co.uk
/usr/bin/xauth: timeout in locking authority file /home/gary/.Xauthority
[gary@lcomp3 ~]$ kcalc
X11 connection rejected because of wrong authentication.
kcalc: cannot connect to X server localhost:11.0
[gary@lcomp3 ~]$


If root works, but your local user does not, and you appear to have
gotten beyond the initial login sequence--it seemed to accept password
authentication in both cases--I would suspect something in one of your
~/.bash* files. I've been burned, multiple times, having something in
my .bashrc or .bash_profile that does something "interactive",
forgetting an ssh shell is batch.

I have the same problem when I try to do things in a cron job when I
forget a cron job is also batch.

I have carefully separated my .bash_profile and .bashrc file into those
parts I always want done and those parts that are interactive.

I place a check in my .bashrc file to prevent interactive stuff being
done in a batch job.

# check for shell is not interactive
[ -z "${PS1}" ] && return

As a "quick" test, could you save your .bash_profile and .bashrc files,
get the "default" files, and see if you can ssh in? The default files
should be found /etc/skel/.bash_profile and /etc/skel/.bashrc

Also, I strongly recommend you disable ssh root login and have people
first log into their own account and then su to root. To disable root
login, please look at /etc/ssh/sshd_config.
In this file, I have
PermitRootLogin no

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw8swIACgkQyc8Kn0p/AZRgbACffvA3UUlqVw4ICErb/H7NfLk0
8AcAoKe0WgTDz7OwcDb6gPjjXvjNxJz8
=K3YZ
-----END PGP SIGNATURE-----
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines



Relevant Pages

  • csh core dumping 7.0-rc1
    ... After rebooting a FreeBSD 7.0-RC1 server I noticed I could not login ... as root either via ssh or su, I initially thought I forgot my password ... Luckily I had enabled root login on sshd and added my ssh ... Loaded symbols for /lib/libncurses.so.7 ...
    (freebsd-current)
  • [Solution]Re: problem with remote login
    ... ssh from another server with public key identification ... root ... [Feb 12 17:49:32 Executing start method ...
    (comp.unix.solaris)
  • RE: Dead SSH Connections from script
    ... >> dead SSH connections around, ... root on one machine to access all other machines thru SSH as root. ... we have told all the client machines that our server is an ...
    (RedHat)
  • Re: bash_history set to zero length
    ... I log in to the server over ssh to carry out various tasks for which I ... sometimes have to su to root. ... Maybe one of these disconnects cause the bash_history to become lost? ...
    (comp.os.linux.security)
  • Re: PubkeyAuth disallowed for root only?
    ... On two of our RedHat EL4 Update 4 servers root cannot login via ssh using public keys. ... if you either run sshd in debug mode or increase LogLevel in sshd_config then the server will provide more information about why the authentication was denied. ...
    (SSH)