Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Sun, 15 Feb 2004 19:12:51 -0500 (EST)
From: Igor Pechtchanski
Reply-To: cygwin AT cygwin DOT com
To: Norman Vine
cc: cygwin AT cygwin DOT com
Subject: Re: SSH and Remote Key authentication
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Scanned-By: MIMEDefang 2.39

First off, if I'm reading the debug output correctly, sshd is complaining
about the ownership of the home directory *on the server*. Is $HOST a
remote machine, or your local (Windows/Cygwin) one?

If $HOST is your local Cygwin machine, note the '+'s after the modes in
the ls output. They indicate that there are ACLs on the directories not
directly mappable to the normal Unix modes. The output of
"getfacl ~ ~/.ssh" should show what those are.

If "StrictModes" is set in your sshd config, your home directory should
not be writable by anyone but you, and your ~/.ssh should not be readable,
writable, or executable by anyone but you.

Lastly, again if $HOST is the local Cygwin machine, make sure "ntsec" is
set in the CYGWIN environment variable for sshd (or, rather, that it's not
turned off by "nontsec").
	Igor

P.S. You *did* use the supported way (i.e., ssh-host-config) to set up
your Cygwin sshd server, right?

On Sun, 15 Feb 2004, Norman Vine wrote:

> Hi all
>
> I am trying to use SSH remote key authentication
> It appears as if the remote $HOST does not like
> the permissions on my home dir
>
> Any guidance appreciated
> TIA
> Norman
>
> $ cd ~
>
> $ ls -ld
> drwxr-xr-x+ 21 $USER None 32768 Feb 13 06:29 .
>
> $ ls -ld .ssh
> drwx------+ 3 $USER None 4096 Feb 12 13:49 .ssh
>
> $ ssh -v $USER@$HOST
> OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
> debug1: Reading configuration data /home/$USER/.ssh/config
> debug1: Reading configuration data /etc/ssh_config
> debug1: Connecting to $HOST [128.128.109.18] port 22.
> debug1: Connection established.
> debug1: identity file /home/$USER/.ssh/identity type 0
> debug1: identity file /home/$USER/.ssh/id_rsa type 1
> debug1: identity file /home/$USER/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
> debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
> debug1: Local version string SSH-1.5-OpenSSH_3.7.1p2
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key (1024 bits).
> debug1: Host '$HOST' is known and matches the RSA1 host key.
> debug1: Found key in /home/$USER/.ssh/known_hosts:17
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Trying RSA authentication with key '/home/$USER/.ssh/identity'
> debug1: Remote: Authentication refused: bad ownership or modes for directory /home/$USER
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> debug1: Server refused our key.
> debug1: Doing challenge response authentication.
> debug1: No challenge.
> debug1: Doing password authentication.

--
                                http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_        pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_    igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'   Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL     a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."
  -- Patrick Naughton
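The ownership and mode problem discussed in this thread can be checked on the server side with a short script. This is an added example, not part of the original messages and not OpenSSH code; it assumes the default `~/.ssh/authorized_keys` layout and GNU `stat` (as on Cygwin), and approximates the StrictModes test as "owned by you or uid 0, and not group- or world-writable". The function names and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): StrictModes-style audit.
# Assumed rule: each path must be owned by the current user or uid 0
# and must not be group- or world-writable (mode & 022 == 0).

check_component() {
    mode=$(stat -c '%a' -- "$1") || return 2   # GNU stat, as shipped with Cygwin
    owner=$(stat -c '%u' -- "$1") || return 2
    bad=0
    if [ "$owner" -ne "$(id -u)" ] && [ "$owner" -ne 0 ]; then
        echo "bad ownership: $1 (uid $owner)"; bad=1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad modes: $1 (mode $mode)"; bad=1
    fi
    # A trailing '+' in the ls mode string means extra ACL entries exist.
    case $(ls -ld -- "$1" | cut -c11) in
        +) echo "note: $1 has extra ACL entries; inspect with getfacl" >&2 ;;
    esac
    return $bad
}

strictmodes_audit() {
    # $1 = home directory; assumes the default $1/.ssh/authorized_keys layout.
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        check_component "$p" || rc=1
    done
    return $rc
}

# Constructed demo: a throwaway "home" that is group-writable, then fixed.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
chmod 775 "$demo_home"; chmod 700 "$demo_home/.ssh"
strictmodes_audit "$demo_home" || echo "=> sshd with StrictModes would refuse keys"
chmod 755 "$demo_home"
strictmodes_audit "$demo_home" && echo "=> ok after chmod 755"
rm -rf "$demo_home"
```

Run `strictmodes_audit "$HOME"` on the machine where sshd runs; the ACL note only flags that `getfacl` should be consulted, since extra entries are not visible in the octal mode.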