× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2017

Re: SSH madness

Kevin -

Thank you very much! Figured it out. I have no idea how I overlooked it
but it there was a write permission on his home directory for groups.
Removed that and it worked immediately. Very helpful when you have
something that tells you EXACTLY what the issue is.

Of course, now I feel like a moron for stressing how I “checked and double
checked”. 😲 I guess I was so focused on the keys and the .ssh folder I
managed to overlook the home directory itself. (SSH) Tunnel vision. <--see
what I did there

Thanks for all the suggestions and tips!


On Thu, Aug 17, 2017 at 8:01 AM, Kevin Bucknum <Kevin@xxxxxxxxxxxxxxxxxxx>
wrote:

Shut down the sshd daemon and then run it manually with the -d flag. Then
post the output here. NOTE: only one client will be able to attempt to
connect. So make sure no one else is trying at the time. Some general
instructions can be found here: https://wiki.midrange.com/
index.php/SSH#Diagnosing_Problems





Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Matt Lavinder
Sent: Thursday, August 17, 2017 6:17 AM
To: Midrange Systems Technical Discussion
Subject: Re: SSH madness

I have disabled password authentication. I was just trying to narrow it
down
to public key authentication only. It works with the password but does
not
work with public key

On Thu, Aug 17, 2017 at 6:57 AM Tim Bronski <tim.bronski@xxxxxxxxx>
wrote:

Since you haven't restricted your SSH server to public-key-only then
any client can choose to offer a password if they have one. Most
clients choose to try key before password if they have one but that
can be changed on the client. Perhaps the mac client has set password
to be their preferred option. I'm not a mac person but for an openssh
client you can check out their config file and verify what they have
for the PreferredAuthentications setting. The order matters.

--
Need sFTP or PGP? Download your native sFTP or OpenPGP solutions here:
www.arpeggiosoftware.com

On 8/16/2017 11:59 PM, Matt Lavinder wrote:
We are trying to give a new employee access to the PASE/Bash command
shell
via Terminal. I have added his Mac’s RSA key to the authorized_keys
file, but it still will not let them connect. It will let them
connect with a password, but that is not what we want.

For the life of me, I cannot figure out what is different between
the way they are configured and I am. This all works for me when
using my key
and
my profile. If I add my Mac's key to their authorized_keys file, it
will not let me connect either (yes, I used their user name).

I have a lot more system authorities than the new employee does, but
I can’t imagine why that would be the issue.

Is there a specific authority a user needs to be able to communicate
with the SSHD?

Does anyone have any other ideas?

--
Need sFTP or PGP? Download your native sFTP or OpenPGP solutions here:
www.arpeggiosoftware.com

---
This email has been checked for viruses by AVG.
http://www.avg.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

--
Sent from mobile device. Please excuse typos and brevity.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/midrange-
l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD





As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.