Need to sftp with automatic login from 1 aix machine to another, the id on the target is a DCE(DFS) id

Pat Cornick cornick at us.ibm.com
Wed Jun 6 23:25:57 EST 2007


Hi Darren,

Thanks for your help on this.  We will be changing the id to a local AIX id
to get this to work.
Take care.

Regards,
Pat



                                                                           
Darren Tucker <dtucker at zip.com.au>
06/04/2007 06:11 PM

To: Pat Cornick/Endicott/IBM at IBMUS
cc: openssh-unix-dev at mindrot.org
Subject: Re: Need to sftp with automatic login from 1 aix machine to another, the id on the target is a DCE(DFS) id

Pat Cornick wrote:
> Hi,
>
> I had a question and can not find out on the web where anyone might have
> done this.  I am sftping between one AIX machine and another using
> automatic login.  I have created the id_rsa.pub on the source server and
> added it to the /.ssh/authorized_keys file on the target server.  The
> problem we are having seems to be that because the target id is a
> DCE(DFS) id and its home directory is /fs/home/bondbpex instead of
> /home/bondbpex it can't find the /.ssh/authorized_keys file.

As long as getpwnam() and friends return the correct home dir that
should work.

> The permissions on the .ssh directory are 700 and the authorized_keys
> file is 600.  Is this possible to be able to do this?  Thanks for any
> help you can give me.

Is the home directory not mounted until the user presents a kerberos
ticket or a password that can get one?  If so then sshd isn't going to
be able to read the authorized_keys file in the user's home dir.

What you can do is set AuthorizedKeysFile in sshd_config to point to a
local filesystem (eg /etc/ssh/keys or something) but that's a
system-wide parameter so it will affect all users.  It would not be hard
to make the Match keyword in recent versions support AuthorizedKeysFile
but at the moment it doesn't.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
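
The AuthorizedKeysFile workaround described above, as an added example that is not part of the original thread: it assumes one key file per user under a local directory (the /etc/ssh/keys path from the reply, with the %u token in sshd_config) and audits that directory for the loose permissions that make sshd with StrictModes skip a key file. The function names are hypothetical, and ownership (root or the user) is assumed to be set separately and is not checked.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: one key file per user
# in a local directory, selected in sshd_config with the %u token:
#
#     AuthorizedKeysFile /etc/ssh/keys/%u
#
# This is system-wide, so every account needs its key file moved there.
# With StrictModes on, sshd skips key files that other accounts could
# modify, so this audit flags the directory, or any file in it, that is
# group- or world-writable.

# Succeeds if the mode string from ls -ld has a group or other 'w' bit.
is_loosely_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints each offending path; returns 1 if any was found, 0 otherwise.
audit_keys_dir() {
    dir=$1
    bad=0
    if is_loosely_writable "$dir"; then
        echo "$dir"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -e "$f" ] || continue      # empty directory: glob did not match
        if is_loosely_writable "$f"; then
            echo "$f"
            bad=1
        fi
    done
    return $bad
}

# Usage: sh audit_keys.sh /etc/ssh/keys
if [ "$#" -eq 1 ]; then
    audit_keys_dir "$1"
fi
```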



