[scponly] RSA Keys and scponly
Frank Mohr
f_mohr at yahoo.de
Sat Nov 5 17:14:28 EST 2005

Tim Churchard wrote:
> My scponlyc users cannot log in, the server denies the public key
> every time. At the moment I have the test username: scponlyctest and his
> chroot home directory is /mnt/share/rbup/scponlytest
>
> I had to create a .ssh directory in that test directory, I chown'd it to
> scponlytest:users and chmod to 0700 for the directory and 0600 for the
> authorized_keys and known_hosts files.

that shouldn't be necessary as the .ssh directory and authorized_keys
file may also belong to root, but your chown's shouldn't hurt

a known_hosts file is only needed for the ssh client

> Did I create the .ssh directory
> in the wrong place? (it's just in the ~ directory)

it just has to be ~scponlyctest/.ssh

> Can somebody explain how using scponlyc to chroot users would affect the
> RSA key validation? Is there a howto or some docs somewhere I should read?

as the scponly/scponlyc shell doesn't interact with the ssh login
process, there should be no problem with the scponlyc shell

the /mnt/share/rbup/scponlytest directory sounds strange
is this a local disk or an nfs (or even smb?) mount?
the authorized_keys file must be readable by root during the
authentication process and some network protocols prevent this

some hints:
- try to connect with scp -vvv and have a look at the debug output
- have a look at the syslog messages on the server
- as Lupe proposed:
  start a sshd in debug mode with
      sshd -ddd -p <some unused port>
  and connect to this ssh server with
      scp -vvv -P port
  this should give you some more information why the authentication
  fails

frank
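
The file checks discussed in the reply above, as an added example that is not part of the original post: a POSIX sh script to run as root on the server against the user's home directory. The function names and the device-name heuristic for spotting NFS/SMB mounts are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post). Run as root on the sshd host,
# because the key file must be readable by root during authentication.

# Print one line per problem with the key files under the given home directory.
key_file_findings() {
    home=$1
    keys="$home/.ssh/authorized_keys"
    if [ ! -f "$keys" ]; then
        echo "missing: $keys"
    elif [ ! -r "$keys" ]; then
        # As root on a local disk this never triggers; on a network mount it can.
        echo "unreadable by uid $(id -u): $keys"
    fi
    for p in "$home" "$home/.ssh" "$keys"; do
        [ -e "$p" ] || continue
        # POSIX find: -perm -020 is group-writable, -perm -002 is world-writable.
        # sshd with StrictModes enabled refuses keys behind such paths.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p"
        fi
    done
    return 0
}

# Heuristic (assumption): NFS sources look like host:/export, SMB like //host/share.
is_network_source() {
    case $1 in
        //*|*:/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Device or source backing a path, taken from the last line of `df -P`.
mount_source() {
    df -P "$1" | awk 'END { print $1 }'
}

# Usage: sh check_keys.sh /mnt/share/rbup/scponlytest
if [ "$#" -eq 1 ]; then
    key_file_findings "$1"
    src=$(mount_source "$1")
    if is_network_source "$src"; then
        echo "network mount ($src): check that root can read the key file"
    fi
fi
```

No output means none of these checks found a problem; the sshd -ddd output remains the authoritative reason for a rejected key.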