RE: [Jailkit-users] authorized_keys quthentication when in jail?

jailkit-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Jailkit-users] authorized_keys quthentication when in jail?

From:	Peter Lauda
Subject:	RE: [Jailkit-users] authorized_keys quthentication when in jail?
Date:	Wed, 30 May 2007 08:45:45 -0400

Thanks Olivier,

I did check that the perms were as you noted before posting. The problem is
a little deeper and I have fixed it. 
The issue seems to have been that the perms in the tree had to have 'other'
read permission to work. The home directories for the jail'd users are in
nfs fs's. root has 'other' access to nfs mounts, so, I had to open it up a
little. Once I did that... ticky boo! Every thing is up and working.

Thanks to all who responded. It was an interesting exercise in
troubleshooting.

--p

-----Original Message-----
From: Olivier Sessink [mailto:address@hidden
Sent: Tuesday, May 29, 2007 5:21 PM
To: address@hidden
Subject: Re: [Jailkit-users] authorized_keys quthentication when in
jail?

Peter Lauda wrote:
> All,
> 
> I've been trying to get public key authentication running between two
> systems using the jailkit to lock down access in addition to this. I've
had
> the jail working succesfuly for some time now using sftp exclusively. We
now
> need to allow a specific site access using ssh/rsync. I've tested and
> corected a few things to get regular public key exchange login to work but
I
> can't seem to get the jailkit pieces to do the same. 
> 
> I've set debugging to DEBUG in sshd_config and I see it trying to read the
> authorized_keys file in the users home directory. I doesn't give any
failure
> but the mechanism doesn't function and the password promp always pops up.
> 
> Does anyone have a doc on how to accomplish this? I've read through a
bunch
> already that are howto's for ssh and rsync but they don't cover what to
look
> at when things go wrong. The home directories of the 'jailed' users IS nfs
> mounted but I HAVE set the perms on the files/directories to be world
> readable so that root can read the nfs mounted file(s). Anything else to
> look for?

the most common problem with ssh key authentication is the ownership and 
permissions of the home directory and the .ssh subdirectory and its 
files. They all must be owned by the user. Openssh sshd requires the 
.ssh directory to be 0700 (rwx------) and the files (especially the 
authorized_keys file) to be 0600 (rw-------). This has nothing to do 
with jailkit, but this is the most common problem.

can you check this?

regards,
        Olivier

b.t.w. for an easy check: change the shell from jk_chrootsh into bash 
and test if public key authentication works.

_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-users] authorized_keys quthentication when in jail?, Peter Lauda, 2007/05/29
- Re: [Jailkit-users] authorized_keys quthentication when in jail?, antoine fink, 2007/05/29
- Re: [Jailkit-users] authorized_keys quthentication when in jail?, Olivier Sessink, 2007/05/29
- RE: [Jailkit-users] authorized_keys quthentication when in jail?, Peter Lauda <=

Prev by Date: Re: [Jailkit-users] authorized_keys quthentication when in jail?
Next by Date: [Jailkit-users] Unable to start any programs
Previous by thread: Re: [Jailkit-users] authorized_keys quthentication when in jail?
Next by thread: [Jailkit-users] Unable to start any programs
Index(es):
- Date
- Thread