[CentOS] ssh with shared home dir

Tim Dunphy bluethundr at gmail.com
Sat Oct 23 02:29:53 UTC 2010


cd ~bluethundr/.ssh/

[bluethundr at VIRTCENT01 ~]$ ls -al | grep .ssh
-rw-------   1 bluethundr 1005       70 Oct 17 14:04 .lesshst
drwxr-xr-x   2 bluethundr 1005      512 Oct 22 14:06 .ssh
-rw-r--r--   1 bluethundr 1005     1047 Sep 16 01:22 sshd-prop.txt
[bluethundr at VIRTCENT01 ~]$ ls -lh .ssh
total 28K
-rw-r--r-- 1 bluethundr 1005 2.9K Oct 22 21:49 authorized_keys
-rw------- 1 bluethundr 1005 1.7K Oct 22 21:48 id_rsa
-rw-r--r-- 1 bluethundr 1005  400 Oct 22 21:48 id_rsa.pub
-rw-r--r-- 1 bluethundr 1005  20K Oct 22 15:59 known_hosts

[root at VIRTCENT01 ~]# cd ~bluethundr/.ssh/
[root at VIRTCENT01 .ssh]# ls -lah ~bluethundr/.ssh/*
-rw-r--r-- 1 bluethundr 1005 2.9K Oct 22 21:49 /home/bluethundr/.ssh/authorized_keys
-rw------- 1 bluethundr 1005 1.7K Oct 22 21:48 /home/bluethundr/.ssh/id_rsa
-rw-r--r-- 1 bluethundr 1005  400 Oct 22 21:48 /home/bluethundr/.ssh/id_rsa.pub
-rw-r--r-- 1 bluethundr 1005  20K Oct 22 15:59 /home/bluethundr/.ssh/known_hosts
[root at VIRTCENT01 .ssh]# cat ~bluethundr/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1vQJFa+RDUrqzcnQrzTR7wm3bPGI7cnAX3crAj9KFM3sxuSTP18ZE1V3N7aQ7dju0BJli1PfR/EnlKM/xAybvn4N2yH0bxiKuQwx7M0SvhXy3PUAJu8AuRBGag9yyG0fqJ0lWhcbrKbGwFxYsfpfpLp501Fs5pqqKRSJl4IM5Kv11QcM0ZXLEiJwByiz6vLSBgBxZG3MSgF03F2+gRZbQkPVECAg7e3mValoiZB0K5m3tjMFCr8FZoVVbz4J16fKgIc4WfRFcKTuGEDt3I0agDhosFMVpAvZV4WRYIIpg7nkYpKkIlqSX+GYH+7RPlh2QNQyvS+I0+XOXSdqkP62aQ==
bluethundr at LCENT01.summitnjhome.com
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtLqML4TD+qE+L544ofOPFPnSUjnG/XIet66K1vvPot+sH81zxeZQgJeREcsOjYUrnApzigd+QudfCGRsNgQ7nFAPUX3edp0Ssi7GCeVTRiBcxYIcVMXm6Fgt2ERyAy0GPdpZCS+R2iKTBgESUo0kQXglm8Jkvlbc8/MDOOEAUiyHBKfOpUPe30qMtYtByNorNWjJz+v1jnGV+T2PVhsHIVpfT501YkHmRVspPy765nEoF9HKQtxc5UOClMCbYrd8R/J7mgtr2RAhFr3lj0dRfVM75hPhI/5qONmomoAoMSdz/c4pjrNlu6MbZV9m8tFi89AviyRkdu0kZt8F6QeJOQ==
bluethundr at VIRTCENT02
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApnUSYyrM96qIBZKjwSNYycgeSv/BVQTjK7EHqPE1Lv3LLs0ixV9pOXvHMq3YCZHHmgyxwizShnt7MKWFcYPI02ywGHFPawvCM2hIqSwn7kH0KfraHO1Vt+zfcPVsqSo2Mw79cYezVvFYzbSSxCY6O00mZ5PWReyVuOn9Fb/uH/xCzKk9OsCpfCEmNF2YrLCfZvfAATgv7QmIRfsAa+ttLzUELGrfn/n+Xj8K/xqV8C71KPuf8s1OSf/19PLZedv2xSA2KU/OUekAc0gu1HNsC23gLTO7DSasW9y1LStWRryTbpn3UHcwQXlCuw2VtWGkrBCAaLEyG2rE8NIcBOsfHQ==
bluethundr at lbsd8-2.summitnjhome.com


[bluethundr at nas ~]$ grep $MYNFSFS /etc/exports
/mnt/nas -alldirs -mapall=root -network 192.168.1.0 -mask 255.255.255.0

[bluethundr at nas2 /]$ grep $MYNFSFS /etc/exports
/mnt/store -alldirs -mapall=root -network 192.168.1.0 -mask 255.255.255.0

[bluethundr at nas2 /]$ grep $MYNFSFS /etc/exports
/mnt/home -mapall=root -network 192.168.1.0 -mask 255.255.255.0


yes I did cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys...

I enabled    IdentityFile ~/.ssh/id_rsa and    RSAAuthentication yes

in /etc/ssh/ssh_config and

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys


in /etc/ssh/sshd_config

still failed... :(

[bluethundr at VIRTCENT02 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[bluethundr at VIRTCENT02 ~]$ ssh virt1
bluethundr at virt1's password:
Last login: Fri Oct 22 22:31:41 2010 from 192.168.1.2

the only thing left I can think of is that bluethundr is an LDAP user.
can THAT prevent the user from logging in with keys? Also, the root
user key has been exported across the network and can login without a
password...


this is mighty puzzling!!

On Fri, Oct 22, 2010 at 8:42 PM, Robert Heller <heller at deepsoft.com> wrote:
> At Fri, 22 Oct 2010 14:38:37 -0400 CentOS mailing list <centos at centos.org> wrote:
>
>>
>> hey listers!
>>
>> silly question: if I generate an RSA key on an NFS shared home
>> directory, then cat >> it into the .ssh/authorized_keys file in the
>> same location, shouldn't I then be able to ssh into each host that
>> shares the NFS home directory without entering a passphrase (assuming
>> the key doesn't have one)? and assuming the permissions on the
>> authorized_keys file belong to the user with mode 600?
>
> Yes.  This works quite well.
>
>>
>> thanks!
>> tim
>>
>
> --
> Robert Heller             -- 978-544-6933 / heller at deepsoft.com
> Deepwoods Software        -- http://www.deepsoft.com/
> ()  ascii ribbon campaign -- against html e-mail
> /\  www.asciiribbon.org   -- against proprietary attachments
>



-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
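
The following is an added example, not part of the original post. With StrictModes on (the sshd default), sshd ignores authorized_keys unless the home directory, .ssh and the key file are each owned by the account or by root and have no group/world write bit, judged by the numeric uid and mode as the server host sees them over NFS. The function name `check_strict_modes` is hypothetical and GNU `stat` (as on CentOS) is assumed.

```bash
#!/usr/bin/env bash
# Added example: repeat the ownership/mode test that sshd applies under
# StrictModes, using the uid and mode bits visible on THIS host. Run it on
# every server that mounts the shared home, since NFS uid mapping and the
# LDAP uid lookup can differ per host.
#
# check_strict_modes HOME_DIR NUMERIC_UID
# Prints one line per problem; returns 0 when all three paths pass.
check_strict_modes() {
    local home=$1 uid=$2 rc=0 path owner mode
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        owner=$(stat -c '%u' "$path")   # numeric owner (GNU stat)
        mode=$(stat -c '%a' "$path")    # octal permission bits
        # The owner must be the account itself or root (uid 0).
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER    $path owned by uid $owner, expected $uid or 0"
            rc=1
        fi
        # Group-write and world-write bits (022) must both be clear.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "MODE     $path is mode $mode (group/world writable)"
            rc=1
        fi
    done
    return $rc
}

# Optional direct use: ./script USERNAME
# getent resolves the home directory through NSS, so LDAP accounts work too.
if [ $# -ge 1 ]; then
    check_strict_modes "$(getent passwd "$1" | cut -d: -f6)" "$(id -u "$1")"
fi
```

A clean result here rules out the StrictModes checks only; the server-side reason for a rejected key is reported in the sshd log or by running sshd in debug mode.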


