Symptom

The misconfiguration of SSH-related files can give rise to various symptoms, most of which are characterised by the failure of one system to form a trusted connection with another. This troubleshooting article describes the general configuration you should adopt for correct SSH operation.

Correct Configuration

Permissions should be…

Directory /mciworkb/.ssh

The directory /home/mciworkb/.ssh should have the following properties:

  • be owned by user mciworkb

  • have group ownership of dstage

  • have permissions of 700 (drwx------)

This can be established with…

$> chown mciworkb:dstage /home/mciworkb/.ssh      # Ownership
$> chmod 700 /home/mciworkb/.ssh                  # Permissions

For example (this listing shows root as owner and group; after the chown above it should show mciworkb dstage):

$> ls -ld /home/mciworkb/.ssh
drwx------ 2 root root 144 Feb 16 14:31 .ssh
$>

Files within /mciworkb/.ssh

The directory /home/mciworkb/.ssh should contain at least two files:

  • authorized_keys - A file containing the SSH public keys of users that should be allowed to connect to this host using key-based authentication. This effectively controls inbound connections.

  • known_hosts - A file containing the host keys of known hosts that you have logged into from the server on which the known_hosts file lives. It is associated with a specific account and contains one or more host keys. Each host key is associated with an SSH server address (IP or hostname) so that the server can be authenticated when a connection is initiated.

$> ls -ld /home/mciworkb/.ssh/*
-rw------- 1 mciworkb dstage 1167 Feb 16 14:26 .ssh/authorized_keys
-rw------- 1 mciworkb dstage  858 Feb 16 14:31 .ssh/known_hosts

The files should have permissions of 600 (-rw-------), which can be set with:

$> chmod 600 .ssh/workbench
$> chmod 600 .ssh/workbench.pub
$> chmod 600 .ssh/authorized_keys
$> chmod 600 .ssh/known_hosts
$> chmod 600 .ssh/config
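
The following audit script is an added example, not part of the original page: it checks a .ssh directory against the layout described above (directory 700, files 600, expected owner and group) and prints one line per deviation. It assumes GNU coreutils stat; the function names and the script name in the comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit a .ssh directory against the layout on this page.
# Assumes GNU coreutils stat (-c FORMAT). Function names are hypothetical.

# check_entry PATH OWNER GROUP MODE
# Prints one line per deviation; returns 0 if the entry matches, 1 otherwise.
check_entry() (
    path=$1 want_owner=$2 want_group=$3 want_mode=$4 bad=0
    # %U = owner name, %G = group name, %a = octal permission bits
    info=$(stat -c '%U %G %a' -- "$path" 2>/dev/null) || {
        echo "$path: cannot stat"; exit 1; }
    set -- $info
    [ "$1" = "$want_owner" ] || { echo "$path: owner $1, expected $want_owner"; bad=1; }
    [ "$2" = "$want_group" ] || { echo "$path: group $2, expected $want_group"; bad=1; }
    [ "$3" = "$want_mode" ]  || { echo "$path: mode $3, expected $want_mode"; bad=1; }
    exit "$bad"
)

# audit_ssh_dir DIR OWNER GROUP
# The directory must be 700 and every file inside it 600.
# Symbolic links are reported too (stat shows them as mode 777).
# Returns 0 when everything matches, 1 otherwise.
audit_ssh_dir() (
    dir=$1 owner=$2 group=$3 rc=0
    check_entry "$dir" "$owner" "$group" 700 || rc=1
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || [ -L "$f" ] || continue   # skips unmatched globs too
        check_entry "$f" "$owner" "$group" 600 || rc=1
    done
    exit "$rc"
)

# Run as: sh audit_ssh.sh /home/mciworkb/.ssh mciworkb dstage
if [ "$#" -eq 3 ]; then
    audit_ssh_dir "$@"
fi
```
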

Solution

(solution, including…

$> practical
$> resolution
$> steps
