[CentOS] ssh with shared home dir

Todd Denniston Todd.Denniston at tsb.cranrdte.navy.mil
Fri Oct 22 16:08:23 EDT 2010

Tim Dunphy wrote, On 10/22/2010 03:30 PM:
> hmm.. ok then gordon thanks for the input! how do these permissions grab ya?
> [bluethundr@LCENT01 ~]$ ls -alh | grep .ssh
> -rw-------   1 bluethundr summitnjops    70 Oct 17 14:04 .lesshst
> drwx------   2 bluethundr summitnjops   512 Oct 22 14:06 .ssh
> [bluethundr@LCENT01 ~]$ ls -lah .ssh
> total 34K
> drwx------   2 bluethundr summitnjops  512 Oct 22 14:06 .
> drwx------ 106 bluethundr summitnjops 5.5K Oct 22 14:44 ..
> -rw-------   1 bluethundr summitnjops  820 Oct 22 14:19 authorized_keys
> -rw-------   1 bluethundr summitnjops 1.7K Oct 22 14:18 id_rsa
> -rw-r--r--   1 bluethundr summitnjops  403 Oct 22 14:18 id_rsa.pub
> -rw-r--r--   1 bluethundr summitnjops  20K Oct 22 14:47 known_hosts
> [bluethundr@LCENT01 ~]$

An experiment for you...

1) NFS v3
2) on the NFS server the file system is named '/exportedfilesytem'
3) have root on both machines
4) on the NFS client the file system is mounted such that it contains bluethundr's home directory
5) root_squash is in play

On the NFS server
grep $MYNFSFS /etc/exports
grep $MYNFSFS /etc/exports | grep -v no_root_squash
#if you get a line back then root on the client machine is being squashed.
man exports #search down for root_squash

On the NFS client (virt1)
log in as root
cd ~bluethundr/.ssh/
#you may have just gotten an error.
ls -lah ~bluethundr/.ssh/*
#you may have just gotten an error.
cat ~bluethundr/.ssh/authorized_keys
#you _have_ just gotten an error, and this is the one that stops you IIRC.

1) Consider tightening up perms on id_rsa.pub & known_hosts
2) Open up the _read_ perms on authorized_keys
3a) IIRC you _may_ also have to open up the _read_ perms on ~/.ssh
3b) IIRC you _may_ also have to open up the exec perms on ~/.ssh
If you have to do one of 3a or 3b, try each individually and only give as much as you have to.

Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
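
Added example, not part of the original message: a POSIX shell helper that reports which path component would stop a root-squashed client root from reading authorized_keys. It assumes squashed root maps to an account that is neither the owner nor in the owning group (so only the "other" permission bits apply) and that no ACLs are in use. The function names are hypothetical, and it must be run by someone who can already stat the path (the account owner, or root on the NFS server).

```shell
#!/bin/sh
# Added illustration; assumes squashed root is judged by the "other" bits only.

# other_bits PATH: print the three "other" permission characters, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# squashed_root_blocker BASE RELPATH
# Walk BASE/RELPATH one component at a time (BASE itself is not checked).
# Directories need o+x to be traversed, the final file needs o+r to be read.
# Prints the first blocking component and returns 1; returns 0 if none blocks;
# returns 2 if a component does not exist.
squashed_root_blocker() {
    cur=$1
    rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        cur=$cur/$part
        [ -e "$cur" ] || return 2
        bits=$(other_bits "$cur")
        if [ -n "$rest" ]; then
            # Intermediate directory: "x" (or "t", sticky plus x) is required.
            case $bits in
                ??x|??t) ;;
                *) echo "$cur"; return 1 ;;
            esac
        else
            # Final file: "r" is required.
            case $bits in
                r??) ;;
                *) echo "$cur"; return 1 ;;
            esac
        fi
    done
    return 0
}

# Usage (BASE is the directory that contains the home directory):
#   squashed_root_blocker /home bluethundr/.ssh/authorized_keys
```

Re-running it after each permission change shows the next component that still blocks, which fits the advice to open up one thing at a time and give only as much as needed.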