Printable View
Hi,
I need to copy a file on a remote pc automatically with a script.
I can't enter a password and i don't have a key file available.
I would like to use rcp (since i can't use scp) but i don't know where to
download it and my distribution doesn't provide it (cause it's too old i
guess).
Any other recommendations how i could get this file copied?
--
Thanks,
Ron
Ron Eggler wrote:[color=blue]
> Hi,
>
> I need to copy a file on a remote pc automatically with a script.
> I can't enter a password and i don't have a key file available.
> I would like to use rcp (since i can't use scp) but i don't know where to
> download it and my distribution doesn't provide it (cause it's too old i
> guess).
> Any other recommendations how i could get this file copied?[/color]
With rsync.
But any particular reason why you don't want to have a key file for scp?
Nikos Chantziaras wrote:
[color=blue]
> Ron Eggler wrote:[color=green]
>> Hi,
>>
>> I need to copy a file on a remote pc automatically with a script.
>> I can't enter a password and i don't have a key file available.
>> I would like to use rcp (since i can't use scp) but i don't know where to
>> download it and my distribution doesn't provide it (cause it's too old i
>> guess).
>> Any other recommendations how i could get this file copied?[/color]
>
> With rsync.
>
> But any particular reason why you don't want to have a key file for scp?[/color]
Nikos,
Yes, the reason is: The system is an embedded device inside a box and
doesn't haver any contact with the server before going online in
production. And once we go online we need this file from this embedded
system on our server since it contains data.
It would be nice if it would work with rsync. Can we specify the password as
well or how would it be trusted(Not asking for a password)?
Thanks!
Ron
Ron Eggler wrote:[color=blue]
> Nikos Chantziaras wrote:
>[color=green]
>> Ron Eggler wrote:[color=darkred]
>>> Hi,
>>>
>>> I need to copy a file on a remote pc automatically with a script.
>>> I can't enter a password and i don't have a key file available.
>>> I would like to use rcp (since i can't use scp) but i don't know where to
>>> download it and my distribution doesn't provide it (cause it's too old i
>>> guess).
>>> Any other recommendations how i could get this file copied?[/color]
>> With rsync.
>>
>> But any particular reason why you don't want to have a key file for scp?[/color]
>
> Nikos,
>
> Yes, the reason is: The system is an embedded device inside a box and
> doesn't haver any contact with the server before going online in
> production. And once we go online we need this file from this embedded
> system on our server since it contains data.
> It would be nice if it would work with rsync. Can we specify the password as
> well or how would it be trusted(Not asking for a password)?[/color]
What you use depends on your security requirements. If you are OK with
having the packets sent unencrypted over the network, then you can use
rsync or rcp.
However, if you need real security, with the transfer being encrypted,
then you won't be able to avoid using SSH (which means you'll need a
public/private key pair).
With that being said:
As I understand it, you need the embedded device to initiate the
ransfer, not the remote PC, and you need authentication but without
needing to specify a password. And the file in question is considered
"secret and important".
Well, the obvious solution is scp :P You generate a key pair (public
and private) without password-protecting them, put the public key on the
embedded device and the private key on the remote PC (and any other PCs
that need to transfer the file). scp will not ask for a password that
way, which means it works in non-interactive scripts. With:
scp -i file_where_private_key_is_stored
[email]username@hostname.of.embedded.devi[/email]ce:/home/username/myimportantfile
you get the file without being asked for a password. The user
initiating the transfer needs a readable keyfile of course.
If you really can't or don't want to use a key pair for scp, then your
other options are to either use rsync with a plain-text password file,
or use IP-based "authentication". The last one simply means to have an
FTP server on the embedded device that will only serve the file to
machines having a specific IP. As you can imagine, that's not really
secure.
Both solutions are not tied to any POSIX username (that is, to any users
in /etc/passwd).
rsync is a client-server solution (like scp/sftp and ftp). It's not
exactly for just serving files though. It's for syncing entire
directories and transferring only the differences. But it does the job
and has a very small memory footprint.
To use rsync, you need the embedded device to run the rsync daemon
(server). File transfers can be initiated from both sides; embedded and
remote PC. You configure rsync in the embedded device to serve a
specific directory in read-only mode (so that the remote PC can't
upload, only download).
On the remote PC, you can get the files in the remote directory with
something like:
rsync -a --delete --password-file file_containing_the_password
[email]rsyncUsername@embedded.host[/email]namte::Label
directory_where_you_want_to_download_into
The net is full with guides on how to set up rsync. Fortunately, rsync
is almost trivial to set up so it's not going to be painful to
understand the guides.
If you only wish to use IP-based "authentication" without passwords,
than you can simply use FTP with the remote PC's IP being the only IP
allowed to connect. But again, this is not secure; MAC addresses can be
spoofed and DHCP servers fooled (or misconfigured).
Nikos Chantziaras wrote:[color=blue]
> [...]
> As I understand it, you need the embedded device to initiate the
> ransfer, not the remote PC[/color]
Err, the other way around. I meant "you need the remote PC to initiate
the transfer, not the embedded device."
Nikos Chantziaras wrote:
[color=blue]
> Nikos Chantziaras wrote:[color=green]
>> [...]
>> As I understand it, you need the embedded device to initiate the
>> ransfer, not the remote PC[/color]
>
> Err, the other way around. I meant "you need the remote PC to initiate
> the transfer, not the embedded device."[/color]
I'm not sure if you understood my problem right. I have an embedded device
FROM which I need to send a file up to our central server.
rsync sounds good been looking into configuring it.
I put rsyncd on my "server" and it looks like:
[/etc/rsyncd.conf]
#### rsyncd.conf file ####
syslog facility = daemon
[test] #Module name could be any name
path = /home/reg
comment = test
max connection = 0
use chroot = true
timeout = 60
#### End of configuration file ####
[//etc/rsyncd.conf]
and I'm trying to send a file with:
rsync -avz log.txt [email]reg@192.168.0.39::test/log.txt[/email]
but all I'm getting is:
rsync --password-file ./pwd log.txt [email]reg@192.168.0.39::test/log.txt[/email]
@ERROR: auth failed on module test
rsync error: error starting client-server protocol (code 5) at main.c(1395)
[sender=2.6.9]
I'm sure the password is right tho. Not really sure what I'm missing... Any
further ideas?
Thank you!
Ron
--
chEErs roN
Ron Eggler wrote:
[color=blue]
> Nikos Chantziaras wrote:
>[color=green]
>> Nikos Chantziaras wrote:[color=darkred]
>>> [...]
>>> As I understand it, you need the embedded device to initiate the
>>> ransfer, not the remote PC[/color]
>>
>> Err, the other way around. I meant "you need the remote PC to
>> initiate the transfer, not the embedded device."[/color]
> I'm not sure if you understood my problem right. I have an embedded
> device FROM which I need to send a file up to our central server.
> rsync sounds good been looking into configuring it.
> I put rsyncd on my "server" and it looks like:[/color]
You do not need rsyncd running on the embedded device, sshd is enough.
Just put a valid public key of an appropriate user on the little box
and use rsync on the server.
I do this every day as a crontab entry in order to copy backup files on
an Asus WL-HDD NAS called stupidlittlebox:
amanda@noname> rsync -av /Backup/amanda --rsh=ssh
stupidlittlebox:/tmp/harddisk/Backup/
Sshd on the box is dropbear. Note that I do have an user amanda on
stupidlittlebox. If not I would have to specify another user. And make
sure port 22 is not blocked by a packet filter on the embedded
device, 'nmap stupidlittlebox' ;-)
If your transfer is triggered on the remote side by something happening
on the box (intrusion detection, battery getting low, no more milk in
the fridge or such) why do not simply use smtp to notify the server
with a mail message?
Günther
Günther Schwarz wrote:
[color=blue]
> Ron Eggler wrote:
>[color=green]
>> Nikos Chantziaras wrote:
>>[color=darkred]
>>> Nikos Chantziaras wrote:
>>>> [...]
>>>> As I understand it, you need the embedded device to initiate the
>>>> ransfer, not the remote PC
>>>
>>> Err, the other way around. I meant "you need the remote PC to
>>> initiate the transfer, not the embedded device."[/color]
>> I'm not sure if you understood my problem right. I have an embedded
>> device FROM which I need to send a file up to our central server.
>> rsync sounds good been looking into configuring it.
>> I put rsyncd on my "server" and it looks like:[/color]
>
> You do not need rsyncd running on the embedded device, sshd is enough.
> Just put a valid public key of an appropriate user on the little box
> and use rsync on the server.
> I do this every day as a crontab entry in order to copy backup files on
> an Asus WL-HDD NAS called stupidlittlebox:
> amanda@noname> rsync -av /Backup/amanda --rsh=ssh
> stupidlittlebox:/tmp/harddisk/Backup/[/color]
nope i think you misunderstood me. It should be:
test@martlittlebox>rsync -avz logfile
user@server:/directory/whereit/shouldgo/
and since i can't have a public key file from the little box on server, it
doesn't work with ssh.
Thanks for any further help!
[snip]
--
roN
Ron Eggler wrote:
[color=blue]
> nope i think you misunderstood me. It should be:
> test@martlittlebox>rsync -avz logfile
> user@server:/directory/whereit/shouldgo/
>
> and since i can't have a public key file from the little box on server, it
> doesn't work with ssh.
>
> Thanks for any further help!
>[/color]
Hi,
We have been doing this in an embedded system in the following way:
The system is running Tcl experiment scripts and one options is for
uploading log files to a host PC. It uses a simple tftp session:
tftp $SERVER -c put $yourfile $SERVER:/$dir/$yourfile
file permissions should be taken care off.
Another possible route the Tcl utility Expect perhaps.
Taco
taco wrote:
[color=blue]
> Ron Eggler wrote:
>
>[color=green]
>> nope i think you misunderstood me. It should be:
>> test@martlittlebox>rsync -avz logfile
>> user@server:/directory/whereit/shouldgo/
>>
>> and since i can't have a public key file from the little box on server,
>> it doesn't work with ssh.
>>
>> Thanks for any further help!
>>[/color]
> Hi,
>
> We have been doing this in an embedded system in the following way:
> The system is running Tcl experiment scripts and one options is for
> uploading log files to a host PC. It uses a simple tftp session:
>
> tftp $SERVER -c put $yourfile $SERVER:/$dir/$yourfile
>
> file permissions should be taken care off.
> Another possible route the Tcl utility Expect perhaps.
> Taco[/color]
Hi Taco,
I think I've settled on rsync for now. I have tried following:
[little device]
[litle client]
reg@NovaxPRG-T1111:/usr/share/NovaxTSP$ rsync --password-file=pwd log_record
root@192.168.101.3::PRG-LOG/
ERROR: module is read only
rsync error: syntax or usage error (code 1) at main.c(805) [receiver=2.6.9]
rsync: read error: Connection reset by peer (104)
rsync error: error in rsync protocol data stream (code 12) at io.c(605)
[sender=2.6.9]
[/little device]
[/etc/rsyncd.conf]
# Minimal configuration file for rsync daemon
# See rsync(1) and rsyncd.conf(5) man pages for help
# This line is required by the /etc/init.d/rsyncd script
pid file = /var/run/rsyncd.pid
use chroot = yes
# Simple example for enabling your own local rsync server
[PRG-LOG]
path = /usr/share/NovaxTSP/logs
comment = PRG logfile
[//etc/rsyncd.conf]
Any help would be appreciated! I don't know why it says the module is read
only, /usr/share/NovaxTSP is chmoded 777 and the user is root anyways.
--
Thanks!
Ron
Ron Eggler wrote:
[color=blue]
> Günther Schwarz wrote:
>[color=green]
>> Ron Eggler wrote:
>>[color=darkred]
>>> Nikos Chantziaras wrote:
>>>
>>>> Nikos Chantziaras wrote:
>>>>> [...]
>>>>> As I understand it, you need the embedded device to initiate the
>>>>> ransfer, not the remote PC
>>>>
>>>> Err, the other way around. I meant "you need the remote PC to
>>>> initiate the transfer, not the embedded device."
>>> I'm not sure if you understood my problem right. I have an embedded
>>> device FROM which I need to send a file up to our central server.
>>> rsync sounds good been looking into configuring it.
>>> I put rsyncd on my "server" and it looks like:[/color]
>>
>> You do not need rsyncd running on the embedded device, sshd is
>> enough. Just put a valid public key of an appropriate user on the
>> little box and use rsync on the server.
>> I do this every day as a crontab entry in order to copy backup files
>> on an Asus WL-HDD NAS called stupidlittlebox:
>> amanda@noname> rsync -av /Backup/amanda --rsh=ssh
>> stupidlittlebox:/tmp/harddisk/Backup/[/color]
>
> nope i think you misunderstood me.[/color]
I did not misunderstand you. I just proposed you to initiate the process
from the server which will be simpler and more easy. If this is not an
option and if rsync does not work on the box you will have to use
another protocol like smtp, smp, ftp, or tftp. Be aware that on some of
these boxes almost the entire filesystem is read-only which might
explain part of your difficulties.
Günther
Ron Eggler wrote:
[color=blue]
> Hi Taco,
>
> I think I've settled on rsync for now. I have tried following:
> [little device]
> [litle client]
> reg@NovaxPRG-T1111:/usr/share/NovaxTSP$ rsync --password-file=pwd
> log_record root@192.168.101.3::PRG-LOG/
> ERROR: module is read only
> rsync error: syntax or usage error (code 1) at main.c(805)
> [receiver=2.6.9] rsync: read error: Connection reset by peer (104)
> rsync error: error in rsync protocol data stream (code 12) at io.c(605)
> [sender=2.6.9]
> [/little device]
> [/etc/rsyncd.conf]
> # Minimal configuration file for rsync daemon
> # See rsync(1) and rsyncd.conf(5) man pages for help
>
> # This line is required by the /etc/init.d/rsyncd script
> pid file = /var/run/rsyncd.pid
> use chroot = yes
>
> # Simple example for enabling your own local rsync server
> [PRG-LOG]
> path = /usr/share/NovaxTSP/logs
> comment = PRG logfile
> [//etc/rsyncd.conf]
>
> Any help would be appreciated! I don't know why it says the module is read
> only, /usr/share/NovaxTSP is chmoded 777 and the user is root anyways.[/color]
Hi,
Not much experience with the rsync setup. Did you compile the embedded
filesystem yourself? perhaps using an etc/rsyncd.conf file like this:
uid = username
gid = usergid
pid file = /etc/rsyncd.pid
syslog facility = daemon
[your_module_name]
path = /path/to/yourdata
comment = user related any info
auth users = anonymous username
hosts allow = x.x.x.x
secrets file =/etc/rsyncd.secrets
max connection = 0
use chroot = true
timeout = 60
Playing around with all these options could perhaps work.The chroot and uid
etc. are the ones I would expect causing the trouble.
Taco
Günther Schwarz wrote:
[color=blue]
> Ron Eggler wrote:
>[color=green]
>> Günther Schwarz wrote:
>>[color=darkred]
>>> Ron Eggler wrote:
>>>
>>>> Nikos Chantziaras wrote:
>>>>
>>>>> Nikos Chantziaras wrote:
>>>>>> [...]
>>>>>> As I understand it, you need the embedded device to initiate the
>>>>>> ransfer, not the remote PC
>>>>>
>>>>> Err, the other way around. I meant "you need the remote PC to
>>>>> initiate the transfer, not the embedded device."
>>>> I'm not sure if you understood my problem right. I have an embedded
>>>> device FROM which I need to send a file up to our central server.
>>>> rsync sounds good been looking into configuring it.
>>>> I put rsyncd on my "server" and it looks like:
>>>
>>> You do not need rsyncd running on the embedded device, sshd is
>>> enough. Just put a valid public key of an appropriate user on the
>>> little box and use rsync on the server.
>>> I do this every day as a crontab entry in order to copy backup files
>>> on an Asus WL-HDD NAS called stupidlittlebox:
>>> amanda@noname> rsync -av /Backup/amanda --rsh=ssh
>>> stupidlittlebox:/tmp/harddisk/Backup/[/color]
>>
>> nope i think you misunderstood me.[/color]
>
> I did not misunderstand you. I just proposed you to initiate the process
> from the server which will be simpler and more easy. If this is not an
> option and if rsync does not work on the box you will have to use
> another protocol like smtp, smp, ftp, or tftp. Be aware that on some of
> these boxes almost the entire filesystem is read-only which might
> explain part of your difficulties.
>[/color]
Günther
I got the rsync server running and i am able to transfer files with it.
What I now wanna do is:
The first time I the script gets called, it creates an ssh key and rsyncs it
over to the server where i'll append it to the ~/.ssh/authorized_keys file
and then i'll delete the ASCII password file. Then i'll be able to access
the server by scp to copy files :) smart, eh? :)
Uhm, anyways, the file transfer seems to work but i don't get the key
working. :( I pasted the public key into ~/.ssh/authorized_keys and both
are using ssh2 but it doesn't seem to be working, any ideas where the
problem could be? I create the key with: ssh-keygen -N '' -t dsa -f
~/.ssh/id_rsa and copy then ~/.ssh/id_rsa.pub to the server where i do a
cat >> ~/.ssh/authorized_keys. Any ideas what could be wrong?
Thank you 1000! :)
If anyone wants to see my shell script:
#!/bin/bash
ping_args="-c 2 -w 2"
ip="192.168.101.3"
upload_dir="/usr/share/NovaxTSP/logs"
pwdfile="/usr/share/NovaxTSP/.pwd"
logfile="/usr/share/NovaxTSP/log_record"
keyfile="$HOME/.ssh/id_rsa"
sshdir="$HOME/.ssh"
# check argument to set the log file
if [ "$1" != "" ]; then
logfile=$1
fi
# ping twice for 2 seconds
ping $ping_args $ip
# if ping returns an error delete the log file
if [ "$?" == "1" ]; then
exit 1
fi
random=$RANDOM
num=0
let "random=$random%4"
# sleep randomly between 8 and 12 minutes
let "num=(60*($random+8))"
#sleep $num
echo "sleeping $num minutes"
# ping again to be sure
ping $ping_args $ip
# no ping, delete log
if [ "$?" == "1" ]; then
exit 1
fi
rm $keyfile #deleting keyfile so no user interaction is needed
ls $pwdfile #check if password file exists
if [ "$?" == "0" ]; then #if pwdfile exists (only first time!)
touch $logfile # create empty logfile in case it doesn't exist
mkdir $sshdir
chmod 700 $sshdir #create ~/.ssh directory
chmod 500 $pwdfile #set permissions so it can only be accessed by this
user
ssh-keygen -N '' -t dsa -f $keyfile #generate ssh key
#echo "----Public key----" >> $logfile #append a public key marker to the
end of the log message
cat $keyfile.pub >> $logfile #append the public key to the end of the log
message
rsync -av --password-file=$pwdfile $logfile
root@192.168.101.3::PRG-LOG/log_record-`hostname`
echo "rm $pwdfile"
#rm $pwdfile
#rm $logfile
exit 0
fi
tempfile="$logfile.tmp"
mv $logfile $tempfile
newfile="$logfile-`hostname`"
echo $newfile
# upload the log file
scp $tempfile $ip:$upload_dir/$newfile
# upload successful, delete log file
if [ "$?" == "0" ]; then
rm -f $tempfile
fi
--
chEErs roN
Ron Eggler wrote:
[color=blue]
> Günther Schwarz wrote:
>[color=green]
>> Ron Eggler wrote:
>>[color=darkred]
>>> Günther Schwarz wrote:
>>>
>>>> Ron Eggler wrote:
>>>>
>>>>> Nikos Chantziaras wrote:
>>>>>
>>>>>> Nikos Chantziaras wrote:
>>>>>>> [...]
>>>>>>> As I understand it, you need the embedded device to initiate the
>>>>>>> ransfer, not the remote PC
>>>>>>
>>>>>> Err, the other way around. I meant "you need the remote PC to
>>>>>> initiate the transfer, not the embedded device."
>>>>> I'm not sure if you understood my problem right. I have an embedded
>>>>> device FROM which I need to send a file up to our central server.
>>>>> rsync sounds good been looking into configuring it.
>>>>> I put rsyncd on my "server" and it looks like:
>>>>
>>>> You do not need rsyncd running on the embedded device, sshd is
>>>> enough. Just put a valid public key of an appropriate user on the
>>>> little box and use rsync on the server.
>>>> I do this every day as a crontab entry in order to copy backup files
>>>> on an Asus WL-HDD NAS called stupidlittlebox:
>>>> amanda@noname> rsync -av /Backup/amanda --rsh=ssh
>>>> stupidlittlebox:/tmp/harddisk/Backup/
>>>
>>> nope i think you misunderstood me.[/color]
>>
>> I did not misunderstand you. I just proposed you to initiate the process
>> from the server which will be simpler and more easy. If this is not an
>> option and if rsync does not work on the box you will have to use
>> another protocol like smtp, smp, ftp, or tftp. Be aware that on some of
>> these boxes almost the entire filesystem is read-only which might
>> explain part of your difficulties.
>>[/color]
> Günther
> I got the rsync server running and i am able to transfer files with it.
> What I now wanna do is:
> The first time I the script gets called, it creates an ssh key and rsyncs
> it over to the server where i'll append it to the ~/.ssh/authorized_keys
> file and then i'll delete the ASCII password file. Then i'll be able to
> access the server by scp to copy files :) smart, eh? :)
> Uhm, anyways, the file transfer seems to work but i don't get the key
> working. :( I pasted the public key into ~/.ssh/authorized_keys and both
> are using ssh2 but it doesn't seem to be working, any ideas where the
> problem could be? I create the key with: ssh-keygen -N '' -t dsa -f
> ~/.ssh/id_rsa and copy then ~/.ssh/id_rsa.pub to the server where i do a
> cat >> ~/.ssh/authorized_keys. Any ideas what could be wrong?
>
> Thank you 1000! :)
>[/color]
[snip]
/var/log/messages tells me following when i try to login:
Mar 18 09:49:13 NEMS sshd[20241]: Authentication refused: bad ownership or
modes for directory /root
Mar 18 09:49:14 NEMS sshd(pam_unix)[20246]: authentication failure; logname=
uid=0 euid=0 tty=ssh ruser= rhost=192.168.101.102 user=root
Mar 18 09:49:16 NEMS sshd[20241]: error: PAM: Authentication failure for
root from 192.168.101.102
I did a chmod -R 600 on the server's ".ssh" folder but this didn't seem to
help. How do the permissions need to be set? Or why does it say bad owner
ship or modes for directory /roo? why does the whole dir need to be in a
specific mode?
Thanks!
--
chEErs roN
Ron Eggler wrote:
[color=blue]
> Ron Eggler wrote:
>[color=green]
>> Günther Schwarz wrote:
>>[color=darkred]
>>> Ron Eggler wrote:
>>>
>>>> Günther Schwarz wrote:
>>>>
>>>>> Ron Eggler wrote:
>>>>>
>>>>>> Nikos Chantziaras wrote:
>>>>>>
>>>>>>> Nikos Chantziaras wrote:
>>>>>>>> [...]
>>>>>>>> As I understand it, you need the embedded device to initiate the
>>>>>>>> ransfer, not the remote PC
>>>>>>>
>>>>>>> Err, the other way around. I meant "you need the remote PC to
>>>>>>> initiate the transfer, not the embedded device."
>>>>>> I'm not sure if you understood my problem right. I have an embedded
>>>>>> device FROM which I need to send a file up to our central server.
>>>>>> rsync sounds good been looking into configuring it.
>>>>>> I put rsyncd on my "server" and it looks like:
>>>>>
>>>>> You do not need rsyncd running on the embedded device, sshd is
>>>>> enough. Just put a valid public key of an appropriate user on the
>>>>> little box and use rsync on the server.
>>>>> I do this every day as a crontab entry in order to copy backup files
>>>>> on an Asus WL-HDD NAS called stupidlittlebox:
>>>>> amanda@noname> rsync -av /Backup/amanda --rsh=ssh
>>>>> stupidlittlebox:/tmp/harddisk/Backup/
>>>>
>>>> nope i think you misunderstood me.
>>>
>>> I did not misunderstand you. I just proposed you to initiate the process
>>> from the server which will be simpler and more easy. If this is not an
>>> option and if rsync does not work on the box you will have to use
>>> another protocol like smtp, smp, ftp, or tftp. Be aware that on some of
>>> these boxes almost the entire filesystem is read-only which might
>>> explain part of your difficulties.
>>>[/color]
>> Günther
>> I got the rsync server running and i am able to transfer files with it.
>> What I now wanna do is:
>> The first time I the script gets called, it creates an ssh key and rsyncs
>> it over to the server where i'll append it to the ~/.ssh/authorized_keys
>> file and then i'll delete the ASCII password file. Then i'll be able to
>> access the server by scp to copy files :) smart, eh? :)
>> Uhm, anyways, the file transfer seems to work but i don't get the key
>> working. :( I pasted the public key into ~/.ssh/authorized_keys and both
>> are using ssh2 but it doesn't seem to be working, any ideas where the
>> problem could be? I create the key with: ssh-keygen -N '' -t dsa -f
>> ~/.ssh/id_rsa and copy then ~/.ssh/id_rsa.pub to the server where i do a
>> cat >> ~/.ssh/authorized_keys. Any ideas what could be wrong?
>>
>> Thank you 1000! :)
>>[/color]
> [snip]
> /var/log/messages tells me following when i try to login:
> Mar 18 09:49:13 NEMS sshd[20241]: Authentication refused: bad ownership or
> modes for directory /root
> Mar 18 09:49:14 NEMS sshd(pam_unix)[20246]: authentication failure;
> logname=
> uid=0 euid=0 tty=ssh ruser= rhost=192.168.101.102 user=root
> Mar 18 09:49:16 NEMS sshd[20241]: error: PAM: Authentication failure for
> root from 192.168.101.102
>
> I did a chmod -R 600 on the server's ".ssh" folder but this didn't seem to
> help. How do the permissions need to be set? Or why does it say bad owner
> ship or modes for directory /roo? why does the whole dir need to be in a
> specific mode?
>
> Thanks!
>[/color]
Alright, I got it. /root was set to 777 :o and now wonder it doesn't like
that so i made a chmod 644 and it works just fine now... :)
Thanks for any attempted help anyways. I'll probably come back anyways,
you're my favourite NG.
*thumbs up to everyone here* :)
--
chEErs roN
Ron Eggler <test@example.com> wrote:[color=blue]
> Alright, I got it. /root was set to 777 :o and now wonder it doesn't like
> that so i made a chmod 644 and it works just fine now... :)[/color]
If you mean the /root _directory_, you probably want "755" or even
"750" (NOT accessable by "other users"). Directories without
"search (x)" rights aren't all that usefull <grin>.
--
*******************************************************************
** Eef Hartman, Delft University of Technology, dept. SSC/ICT **
** e-mail: [email]E.J.M.Hartman@tudelft.nl[/email], fax: +31-15-278 7295 **
** snail-mail: P.O. Box 5031, 2600 GA Delft, The Netherlands **
*******************************************************************