guys awesome advice!! I will try your suggestions sometime tonight, I am backing up the virtual network at the moment and it is therefore shutdown until the backup is done. thanks !! tim On Fri, Oct 22, 2010 at 4:08 PM, Todd Denniston <Todd.Denniston at tsb.cranrdte.navy.mil> wrote: > Tim Dunphy wrote, On 10/22/2010 03:30 PM: >> hmm.. ok then gordon thanks for the input! how do these permissions grab ya? >> >> >> [bluethundr at LCENT01 ~]$ ls -alh | grep .ssh >> -rw------- 1 bluethundr summitnjops 70 Oct 17 14:04 .lesshst >> drwx------ 2 bluethundr summitnjops 512 Oct 22 14:06 .ssh >> >> >> [bluethundr at LCENT01 ~]$ ls -lah .ssh >> total 34K >> drwx------ 2 bluethundr summitnjops 512 Oct 22 14:06 . >> drwx------ 106 bluethundr summitnjops 5.5K Oct 22 14:44 .. >> -rw------- 1 bluethundr summitnjops 820 Oct 22 14:19 authorized_keys >> -rw------- 1 bluethundr summitnjops 1.7K Oct 22 14:18 id_rsa >> -rw-r--r-- 1 bluethundr summitnjops 403 Oct 22 14:18 id_rsa.pub >> -rw-r--r-- 1 bluethundr summitnjops 20K Oct 22 14:47 known_hosts >> [bluethundr at LCENT01 ~]$ >> >> > > An experiment for you... > > Assumptions: > 1) NFS v3 > 2) on the NFS server the file system is named '/exportedfilesytem' > 3) have root on both machines > 4) on the NFS client the file system is mounted such that it contains bluethundr's home directory > 5) root_squash is in play > > On the NFS server > MYNFSFS=/exportedfilesytem > grep $MYNFSFS /etc/exports > grep $MYNFSFS /etc/exports | grep -v no_root_squash > #if you get a line back then root on the client machine is being squashed. > man exports #search down for root_squash > > On the NFS client (virt1) > #### > login as root > #### > cd ~bluethundr/.ssh/ > #you may have just gotten an error. > ls -lah ~bluethundr/.ssh/* > #you may have just gotten an error. > cat ~bluethundr/.ssh/authorized_keys > #you _have_ just gotten an error, and this is the one that stops you IIRC. > > > Suggestions: > 1) Consider tightening up perms on id_rsa.pub & known_hosts > 2) Open up the _read_ perms on authorized_keys > 3a) IIRC you _may_ also have to open up the _read_ perms on ~/.ssh > 3b) IIRC you _may_ also have to open up the exec perms on ~/.ssh > If you have to do one of 3a or 3b, try each individually and only give as much as you have to. > > -- > Todd Denniston > Crane Division, Naval Surface Warfare Center (NSWC Crane) > Harnessing the Power of Technology for the Warfighter > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Here's my RSA Public key: gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9 Share and enjoy!!