Tuesday, January 13, 2009

Password-less ssh logins

I'm not sure where else to post this, so I thought I might as well post it here.

We have a process for logging into a remote Mac or Linux computer using ssh without a password. It looks something like this in the terminal:

Create a pair of rsa keys:
cd; mkdir -p .ssh; ssh-keygen -N '' -C '' -f .ssh/id_rsa
... then copy that .ssh folder to your home directory on the remote machine. Easy as pie.

But one of our users couldn't make it work. His .ssh folder contents and permissions were identical to the other users', but it still wouldn't work. We even tried copying another user's .ssh folder over and using that. Still no joy.

An obscure posting on some Unix help website gave us the answer: his home directory was group-writeable. Once we did a "chmod g-w ~" in his account, and rebuilt the .ssh folder (who knows why we had to do that), everything was back in business. SSH is notoriously particular about the permissions in the .ssh folder, but apparently it is just as particular about the user's home directory.

Somebody out there needs this; I hope they find it here.
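
As an added example (not part of the original post), here is a small shell check for the failure described above. It assumes sshd is running with its default `StrictModes yes` setting, which refuses key logins when the home directory, `.ssh`, or `authorized_keys` is writable by group or others; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: report which paths in the public-key login chain are
# writable by group or others. It checks the home directory, ~/.ssh and
# ~/.ssh/authorized_keys, the three places the post and its comment mention.

# writable_by_others PATH -> prints PATH if its group- or world-write bit is set
writable_by_others() {
    find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# check_ssh_perms HOME_DIR -> returns 0 if everything is clean, 1 otherwise
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue        # a missing file is not a permissions problem
        if [ -n "$(writable_by_others "$p")" ]; then
            echo "too open: $p (fix with: chmod go-w '$p')"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo: a throwaway home directory that reproduces the post's case
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    check_ssh_perms "$d" && echo "clean layout: ok"
    chmod g+w "$d"                     # the group-writable home from the post
    check_ssh_perms "$d" || echo "group-writable home detected"
    chmod g-w "$d"                     # the fix from the post
    check_ssh_perms "$d" && echo "after chmod g-w: ok"
    rm -rf "$d"
}
demo
```

To check a real account, run `check_ssh_perms "$HOME"` on the remote machine as the affected user.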

1 comment:

author said...

Note: the key to making password-less logins work is a public/private key pair. The public key has to be on the remote side in the "authorized_keys" file that matches the private key stored locally.

I learn something new every day.
