only root without password

Fede Rico fede_home at yahoo.it
Fri Dec 19 20:44:15 EST 2008


Hi Michael,
yes, the permissions and the owners are ok. I checked it. In the strace file, when I use the "oracle" user, I didn't find any "permission denied".
So I think the problem should be in some other side (pam, security, and so on).



--- On Fri 19/12/08, Michael Loftis <mloftis at wgops.com> wrote:

> From: Michael Loftis <mloftis at wgops.com>
> Subject: Re: only root without password
> To: fede_home at yahoo.it, openssh-unix-dev at mindrot.org
> Date: Friday, 19 December 2008, 10:16
> make sure the directory and file are owned by the user.  the directory
> especially has to be the right mode.  0700 on ~/.ssh owned by the user.
> key files i think it wants them to not be writeable by others.  The SSH
> daemon must also be able to access the keyfiles - usually root can but in
> some weird setups (EG with ACLs) it might be inaccessible to root.
>
> --On December 19, 2008 2:12:38 AM +0000 Fede Rico <fede_home at yahoo.it> wrote:
> 
> > Hi all,
> > I have a very strange problem with the public key authentication with 2
> > machines.
> > I generated the key, configured the authorized_keys etc.. etc.. This is
> > all ok, now:
> > The ssh works without the password for the "root" user, any other user
> > cannot use the key and ssh asks me for the password !!
> > I cannot understand why only the root is able to connect without the
> > password. So, the ssh works and I think there is a wrong config file but I
> > cannot find it !!!!
> > Just to understand the issue, let's see the strace of sshd daemon. As you
> > can see when the root connects the sshd reads the key file, but when
> > another user tries to connect, sshd opens the file and then closes it without
> > reading the key......
> > Any ideas??
> >
> > Federico
> >
> > ***********
> > for the root:
> > 26728 read(4, "root:x:0:rootnbin:x:1:root,bin,d"..., 4096) = 946
> > 26728 read(4, "", 4096) = 0
> > 26728 close(4) = 0
> > 26728 munmap(0xb7dce000, 4096) = 0
> > 26728 setgroups32(7, [0, 1, 2, 3, 4, 6, 10]) = 0
> > 26728 getgroups32(0, NULL) = 7
> > 26728 getgroups32(7, [0, 1, 2, 3, 4, 6, 10]) = 7
> > 26728 setgroups32(7, [0, 1, 2, 3, 4, 6, 10]) = 0
> > 26728 setresgid32(-1, 0, -1) = 0
> > 26728 setresuid32(-1, 0, -1) = 0
> > 26728 stat64("/root/.ssh/authorized_keys", {st_mode=S_IFREG|0600, st_size=1664, ...}) = 0
> > 26728 open("/root/.ssh/authorized_keys", O_RDONLY|O_LARGEFILE) = 4
> > 26728 lstat64("/root", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
> > 26728 lstat64("/root/.ssh", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
> > 26728 lstat64("/root/.ssh/authorized_keys", {st_mode=S_IFREG|0600, st_size=1664, ...}) = 0
> > 26728 lstat64("/root", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
> > 26728 fstat64(4, {st_mode=S_IFREG|0600, st_size=1664, ...}) = 0
> > 26728 stat64("/root/.ssh", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
> > 26728 stat64("/root", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
> > 26728 fstat64(4, {st_mode=S_IFREG|0600, st_size=1664, ...}) = 0
> > 26728 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7dce000
> > 26728 read(4, "ssh-dss AAAAB3NzaC1kc3MAAACBALxI"..., 4096) = 1664
> > 26728 setresuid32(-1, 0, -1) = 0
> >
> > ***************
> > and for another user:
> > 23996 read(4, "root:x:0:rootnbin:x:1:root,bin,d"..., 4096) = 946
> > 23996 read(4, "", 4096) = 0
> > 23996 close(4) = 0
> > 23996 munmap(0xb7e7c000, 4096) = 0
> > 23996 setgroups32(2, [501, 502]) = 0
> > 23996 getgroups32(0, NULL) = 2
> > 23996 getgroups32(2, [501, 502]) = 2
> > 23996 setgroups32(2, [501, 502]) = 0
> > 23996 setresgid32(-1, 501, -1) = 0
> > 23996 setresuid32(-1, 501, -1) = 0
> > 23996 stat64("/u1/oracle/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=836, ...}) = 0
> > 23996 open("/u1/oracle/.ssh/authorized_keys", O_RDONLY|O_LARGEFILE) = 4
> > 23996 lstat64("/u1", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
> > 23996 lstat64("/u1/oracle", {st_mode=S_IFDIR|0774, st_size=4096, ...}) = 0
> > 23996 lstat64("/u1/oracle/.ssh", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
> > 23996 lstat64("/u1/oracle/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=836, ...}) = 0
> > 23996 lstat64("/u1", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
> > 23996 lstat64("/u1/oracle", {st_mode=S_IFDIR|0774, st_size=4096, ...}) = 0
> > 23996 fstat64(4, {st_mode=S_IFREG|0644, st_size=836, ...}) = 0
> > 23996 stat64("/u1/oracle/.ssh", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
> > 23996 stat64("/u1/oracle", {st_mode=S_IFDIR|0774, st_size=4096, ...}) = 0
> > 23996 close(4) = 0
> > 23996 time(NULL) = 1229609500
> > 23996 open("/etc/localtime", O_RDONLY) = 4
> >
> 
> 
> 
> -- 
> "Genius might be described as a supreme capacity for getting its possessors
> into trouble of all kinds."
> -- Samuel Butler
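
Added example (not part of the original thread, and not OpenSSH's own code): a Python model of the ownership-and-mode check Michael describes, which sshd applies when StrictModes is enabled, run over tables constructed from the modes in the two strace listings. The function and helper names, the owners in the tables, and `/u1/oracle` as the home directory are assumptions.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def strictmodes_problems(key_file, home, uid, stat_fn=os.stat):
    """List (path, reason) pairs that fail a StrictModes-style check.

    Walks from key_file up to home (inclusive). Each component must be owned
    by the user or root and must not be group- or world-writable. sshd stops
    at the first failure; this reports all of them. Paths are assumed to be
    already resolved (no symlinks).
    """
    problems = []
    path, home = PurePosixPath(key_file), PurePosixPath(home)
    while True:
        st = stat_fn(str(path))
        if st.st_uid not in (0, uid):
            problems.append((str(path), "bad owner uid %d" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((str(path), "writable by group/other: %04o"
                             % stat.S_IMODE(st.st_mode)))
        if path == home or path == path.parent:  # reached home or "/"
            return problems
        path = path.parent


def table_stat(table):
    """Build a stat_fn from a {path: (mode, uid)} table, for offline use."""
    return lambda p: SimpleNamespace(st_mode=table[p][0], st_uid=table[p][1])


# Constructed from the modes in the strace output; owners are assumed.
ROOT = {
    "/root/.ssh/authorized_keys": (stat.S_IFREG | 0o600, 0),
    "/root/.ssh": (stat.S_IFDIR | 0o700, 0),
    "/root": (stat.S_IFDIR | 0o750, 0),
}
ORACLE = {
    "/u1/oracle/.ssh/authorized_keys": (stat.S_IFREG | 0o644, 501),
    "/u1/oracle/.ssh": (stat.S_IFDIR | 0o700, 501),
    "/u1/oracle": (stat.S_IFDIR | 0o774, 501),
    "/u1": (stat.S_IFDIR | 0o777, 0),
}

if __name__ == "__main__":
    print(strictmodes_problems("/root/.ssh/authorized_keys", "/root", 0, table_stat(ROOT)))
    print(strictmodes_problems("/u1/oracle/.ssh/authorized_keys", "/u1/oracle", 501, table_stat(ORACLE)))
```

Only the `/u1/oracle` entry (mode 0774) is flagged; `/u1` lies above the home directory and is not examined. Called without `stat_fn`, the function checks a live account with `os.stat`.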
