Brian wrote:
> Tomasz Chmielewski wrote:
>> Greg Wooledge wrote:
>>> On Wed, Sep 06, 2006 at 12:10:48PM +0200, Tomasz Chmielewski wrote:
>>>> I have a problem with logging in using keys (on Debian).
>>>> Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys
>>>> Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0
>>>> Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
>>>> Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys2
>>> ls -ld / /home /home/checkuser /home/checkuser/.ssh
>>> ls -ld /home/checkuser/.ssh/authorized_keys*
>>>
>>> I bet one or more of these directories/files has group write permission
>>> on it.

>> Nope, all directories/files, starting from /home/checkuser, have only
>> user permissions.


Stupid me!

/home/checkuser/.ssh had only r+w permissions, no +x, so the user with
UID!=0 couldn't even look into that directory, not to say open the
key... (where root had no problems).

And I did so many configuration and pam changes, tests etc.!

Partly, I could blame OpenSSH: if the permissions are too excessive, it
will report it in logs.
If it has too few permissions, it will erroneously say that the key
is invalid...

Thanks all for the help, I should have pasted "ls -ld /home/..." here; but I
learned a bit about OpenSSH, too.

--
Tomasz Chmielewski
http://wpkg.org
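
The check discussed in this thread, as an added example that is not part of the original messages: it walks from the home directory down to authorized_keys and flags both group/world-writable paths and paths the owner cannot search or read. It reads mode bits instead of testing access, so it gives the same answer when run as root; `audit_key_path`, `demo` and the sample tree are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def audit_key_path(home, key_file):
    """Return (path, problem) pairs for each path component from home to key_file."""
    # Assumption: every path is owned by the login user, so the owner bits decide access.
    paths, cur = [home], home
    for part in os.path.relpath(key_file, home).split(os.sep):
        cur = os.path.join(cur, part)
        paths.append(cur)
    findings = []
    for path in paths:
        try:
            st = os.stat(path)
        except OSError as exc:
            # A non-root caller lands here for anything below an unsearchable directory.
            findings.append((path, "cannot stat: " + exc.strerror))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o022:
            findings.append((path, "too open: group/world writable (%04o)" % mode))
        if stat.S_ISDIR(st.st_mode) and not mode & stat.S_IXUSR:
            findings.append((path, "too strict: owner lacks x on directory (%04o)" % mode))
        if stat.S_ISREG(st.st_mode) and not mode & stat.S_IRUSR:
            findings.append((path, "too strict: owner lacks r on file (%04o)" % mode))
    return findings


def demo():
    """Build a constructed home directory and audit it with .ssh at 0600, 0700, 0770."""
    home = tempfile.mkdtemp()  # created with mode 0700
    ssh_dir = os.path.join(home, ".ssh")
    key_file = os.path.join(ssh_dir, "authorized_keys")
    os.mkdir(ssh_dir)
    with open(key_file, "w") as fh:
        fh.write("ssh-ed25519 CONSTRUCTED-SAMPLE-KEY checkuser@example\n")
    os.chmod(key_file, 0o600)
    results = {}
    for mode in (0o600, 0o700, 0o770):
        os.chmod(ssh_dir, mode)
        results[mode] = audit_key_path(home, key_file)
    os.chmod(ssh_dir, 0o700)  # restore so the tree can be removed
    shutil.rmtree(home)
    return results
```

Calling `demo()` returns the findings per `.ssh` mode: 0600 reproduces the missing search bit described above, 0700 is clean, and 0770 is the group-writable case suggested earlier in the thread.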