Kevin,

We had same issue two weeks ago.
A server was rebuilt, SSH wasn't working.

The directory, as recreated, was group writable. SSH/SFTP wasn't having it. Once we removed the permission to write, the logins worked.

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Matt Lavinder
Sent: Thursday, August 17, 2017 10:06 AM
To: Midrange Systems Technical Discussion
Subject: Re: SSH madness

Kevin -

Thank you very much! Figured it out. I have no idea how I overlooked it but it there was a write permission on his home directory for groups.
Removed that and it worked immediately. Very helpful when you have something that tells you EXACTLY what the issue is.

Of course, now I feel like a moron for stressing how I “checked and double checked”. 😲 I guess I was so focused on the keys and the .ssh folder I managed to overlook the home directory itself. (SSH) Tunnel vision. <--see what I did there

Thanks for all the suggestions and tips!


On Thu, Aug 17, 2017 at 8:01 AM, Kevin Bucknum <Kevin@xxxxxxxxxxxxxxxxxxx>
wrote:

Shut down the sshd daemon and then run it manually with the -d flag.
Then post the output here. NOTE: only one client will be able to
attempt to connect. So make sure no one else is trying at the time.
Some general instructions can be found here:
https://wiki.midrange.com/ index.php/SSH#Diagnosing_Problems





Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Matt Lavinder
Sent: Thursday, August 17, 2017 6:17 AM
To: Midrange Systems Technical Discussion
Subject: Re: SSH madness

I have disabled password authentication. I was just trying to narrow
it
down
to public key authentication only. It works with the password but
does
not
work with public key

On Thu, Aug 17, 2017 at 6:57 AM Tim Bronski <tim.bronski@xxxxxxxxx>
wrote:

Since you haven't restricted your SSH server to public-key-only
then any client can choose to offer a password if they have one.
Most clients choose to try key before password if they have one
but that can be changed on the client. Perhaps the mac client has
set password to be their preferred option. I'm not a mac person
but for an openssh client you can check out their config file and
verify what they have for the PreferredAuthentications setting. The order matters.

--
Need sFTP or PGP? Download your native sFTP or OpenPGP solutions here:
www.arpeggiosoftware.com

On 8/16/2017 11:59 PM, Matt Lavinder wrote:
We are trying to give a new employee access to the PASE/Bash
command
shell
via Terminal. I have added his Mac’s RSA key to the
authorized_keys file, but it still will not let them connect.
It will let them connect with a password, but that is not what we want.

For the life of me, I cannot figure out what is different
between the way they are configured and I am. This all works
for me when using my key
and
my profile. If I add my Mac's key to their authorized_keys
file, it will not let me connect either (yes, I used their user name).

I have a lot more system authorities than the new employee does,
but I can’t imagine why that would be the issue.

Is there a specific authority a user needs to be able to
communicate with the SSHD?

Does anyone have any other ideas?

--
Need sFTP or PGP? Download your native sFTP or OpenPGP solutions here:
www.arpeggiosoftware.com

---
This email has been checked for viruses by AVG.
http://www.avg.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD

--
Sent from mobile device. Please excuse typos and brevity.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-
l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD





This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].