Hello list,

I thought it might be nice to log on using an rsa or dsa key. So I created both an rsa and a dsa key using ssh-user-config. The keys were created in ~/.ssh, and the required changes made to authorized_keys. Logging in to the server using

ssh -i ~/.ssh/id_rsa -l fermin -v localhost

gives me all kinds of output, the essential being:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '//dcp1/users/fermin/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: //dcp1/users/fermin/.ssh/id_rsa
Enter passphrase for key '//dcp1/users/fermin/.ssh/id_rsa':

After entering the passphrase for my key, there is more:

debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
[EMAIL PROTECTED]'s password:

It falls back to 'normal' password authentication, which also works, of course. But it's not what I had in mind. So I went into ~/.ssh, listed the contents:

$ ls -l
total 6
-rw-r--r-- 1 fermin Domain U 822 Sep 20 15:23 authorized_keys
-rw-r--r-- 1 fermin Domain U 668 Sep 20 15:48 id_dsa
-rw-r--r-- 1 fermin Domain U 601 Sep 20 15:23 id_dsa.pub
-rw-r--r-- 1 fermin Domain U 883 Sep 20 15:48 id_rsa
-rw-r--r-- 1 fermin Domain U 221 Sep 20 15:23 id_rsa.pub
-rw-r--r-- 1 fermin Domain U 220 Sep 20 15:23 known_hosts

$ chmod -v 600 id_*sa
mode of `id_dsa' changed to 0600 (rw-------)
mode of `id_rsa' changed to 0600 (rw-------)

Unfortunately, the files are not impressed by my actions, and the '-v' parameter does only show what would have happened in a normal world. Which my system doesn't seem to be. "chmod -c 600 id_*sa" works correctly, though, not showing any changes having happened.

At this point I figured it must have something to do with NTFS permissions (being MCSE and all that) and tried to change the permissions of the id files in Windows (and ownership, while I was at it). I also made sure that "StrictModes no" is active in sshd_config, which it is.

From the Windows point of view, everything should be fine, but I think there's a difference in file rights between *unix systems and Windows: In Windows, the actual file permission overrides the directory permission, meaning that you could have access (read/write/whatever) to a file while not being able to access the directory where the file is. Don't ask me why or say "that's insane" - it's just the way it is, I didn't come up with NTFS in the first place. AFAIR from my recent Solaris course, *nix does it the other way round, directory permissions always override file permissions?

Not wanting to screw around any more than I already have, could somebody please confirm that I probably need to adjust the directory permissions for ~/.ssh (to what, who should be the owner, what about 'other'?), and then it should work? And of course I will have to turn off inherited rights on that directory, as well...

Because work it did:

mkdir /tmp/fermin
cp ~/.ssh/id_rsa /tmp/fermin
chmod 600 /tmp/fermin/id_rsa
ssh -l fermin -i /tmp/fermin/id_rsa localhost

... worked like a charm.

Hopefully, somebody ran into this problem before and can give me a hint or two?

Thank you!

Regards
Fermin
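
Added example, not part of the original post: a shell check for the situation described above, where chmod reports a change but the key still shows mode 0644. It applies the test the ssh client applies to a private key owned by the user (any group or other permission bit set means the key is ignored) and re-reads the mode after chmod instead of trusting chmod's output. The function names are hypothetical, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU coreutils stat.

# key_mode FILE: print the octal permission bits as the filesystem reports them.
key_mode() {
    stat -c '%a' "$1"
}

# key_too_open FILE: succeed when any group/other bit is set (mode & 077 != 0),
# the condition behind "UNPROTECTED PRIVATE KEY FILE".
key_too_open() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# fix_key FILE: chmod 600, then re-stat. A filesystem or ACL layer that does not
# honour the change shows up as "unchanged", whatever chmod itself reported.
fix_key() {
    before=$(key_mode "$1") || { echo "missing $1"; return 2; }
    chmod 600 "$1" 2>/dev/null
    after=$(key_mode "$1")
    if [ "$after" = "600" ]; then
        echo "ok $1 $before->$after"
    else
        echo "unchanged $1 $before->$after"
        return 1
    fi
}

# audit_keys DIR: run fix_key on every private key (id_* without .pub) in DIR.
# Returns non-zero if any key could not be brought to mode 600.
audit_keys() {
    rc=0
    for f in "$1"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        fix_key "$f" || rc=1
    done
    return $rc
}

# Run against a directory when one is given, e.g.: sh check_keys.sh ~/.ssh
if [ -n "${1:-}" ]; then audit_keys "$1"; fi
```

An "unchanged" line means the permission bits are being decided outside chmod's reach on that path; moving the key to a location where the mode sticks, as the /tmp copy in the post did, is then the quickest confirmation.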