[CentOS] ssh failed only with nfs home directory

Tue Jul 14 11:43:16 UTC 2015
zep <zgreenfelder at gmail.com>


On 07/13/2015 11:14 PM, Tim Dunphy wrote:
>
> Here's the permissions and ownership on the directories and files:
>
> #ls -ld /home/bluethundr/ /home/bluethundr/.ssh /home/bluethundr/.ssh/authorized_keys
>
> drwxr-x---. 37 bluethundr bluethundr 4096 Jul 13 20:57 /home/bluethundr/
>
> drw-------.  3 bluethundr bluethundr 4096 Jun 15 17:22 /home/bluethundr/.ssh

I'd expect this directory to be mode 700. Also assuming that your id
is actually 'bluethundr' and not 'TimDunphy' as before from ssh -v
output. If you do have user ID collision between the machines it could
add to the confusion.
>
> -rw-------.  1 bluethundr bluethundr 2614 Jun 15 17:22 /home/bluethundr/.ssh/authorized_keys
>
> SELinux is set to permissive:
>
> #getenforce
> Permissive
>
> If I unmount the nfs home directory I am able to log in:
>
> [root at nfs1:~] #umount -l /home
> [root at nfs1:~] #
>
> #ssh bluethundr at nfs1.example.com
> Last login: Mon Jul 13 23:08:35 2015 from ool-2f126f64.dyn.optonline.net
> -bash-4.2$
>
> The permissions on the non-nfs home directory are the same as the NFS
> mounted home directory:
>
> #ls -ld /home/bluethundr/ /home/bluethundr/.ssh /home/bluethundr/.ssh/authorized_keys
> drwxr-x---. 37 bluethundr bluethundr 4096 Jul 13 20:57 /home/bluethundr/
> drw-------.  3 bluethundr bluethundr 4096 Jun 15 17:22 /home/bluethundr/.ssh
> -rw-------.  1 bluethundr bluethundr 2614 Jun 15 17:22 /home/bluethundr/.ssh/authorized_keys
>
> As soon as I mount it back, the issue returns and I am unable to ssh in:
>
> #ssh bluethundr at nfs1.example.com
> Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
>
>
> I'd really appreciate any ideas you guys may have as to why this is
> happening!!
>
> Thanks,
> Tim
>

Perhaps with a local mount it goes ahead and gives you the directory
searching ability since you own the directory and it doesn't really make
sense for you not to be able to do otherwise, but it can't do the same
sort of logical override for NFS? I'm mostly shooting in the dark, but
it's where I'd start.

-- 
public gpg key id: AE60F64C
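
The mode check suggested in the reply, as an added example that is not part of the original thread: it reads the modes from the quoted `ls -ld` listing and flags a directory whose owner has no search (x) bit, plus group/other-writable paths, which sshd's StrictModes setting rejects. The function names are illustrative; `audit_home` applies the same checks to a live path.

```python
import os
import stat

def parse_ls_mode(field):
    """Turn an ls mode field such as 'drw-------.' into (is_dir, permission bits)."""
    perms = 0
    for i, ch in enumerate(field[1:10]):
        if ch not in "-ST":          # S/T mean setuid/sticky without the x bit
            perms |= 1 << (8 - i)
    return field[0] == "d", perms

def check_mode(path, is_dir, perms):
    """Return the permission problems that block key lookup for one path."""
    problems = []
    if perms & 0o022:
        problems.append(f"{path}: mode {perms:03o} is group/other writable (StrictModes refuses it)")
    if is_dir and not perms & stat.S_IXUSR:
        problems.append(f"{path}: mode {perms:03o} has no owner search (x) bit, "
                        "entries inside cannot be opened without a privilege override")
    return problems

def audit_ls_lines(lines):
    """Check 'ls -ld' output lines (mode field first, path last)."""
    problems = []
    for line in lines:
        fields = line.split()
        is_dir, perms = parse_ls_mode(fields[0])
        problems += check_mode(fields[-1], is_dir, perms)
    return problems

def audit_home(home):
    """Same checks against the live filesystem, run as the account in question."""
    problems = []
    for path in (home, os.path.join(home, ".ssh"),
                 os.path.join(home, ".ssh", "authorized_keys")):
        try:
            st = os.lstat(path)
        except OSError as exc:       # e.g. EACCES when a parent lacks the x bit
            problems.append(f"{path}: cannot stat ({exc.strerror})")
            continue
        problems += check_mode(path, stat.S_ISDIR(st.st_mode), stat.S_IMODE(st.st_mode))
    return problems

# The three entries from the listing in the quoted message.
PAGE_LISTING = [
    "drwxr-x---. 37 bluethundr bluethundr 4096 Jul 13 20:57 /home/bluethundr/",
    "drw-------.  3 bluethundr bluethundr 4096 Jun 15 17:22 /home/bluethundr/.ssh",
    "-rw-------.  1 bluethundr bluethundr 2614 Jun 15 17:22 /home/bluethundr/.ssh/authorized_keys",
]
```

Running `audit_ls_lines(PAGE_LISTING)` reports only the `.ssh` directory, whose mode 600 gives the owner read and write but no search permission.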