2

I've a server running Ubuntu 10.04 (as a VM) to which I can't connect using ssh key authentication without being asked for the password. I've read a lot before posting but I really don't know what I'm missing.

My .ssh folder in the server has 700 for permissions and the authorized keys file has 600 for permissions. The result is like this:

drwx------ 2 myUser myUser 4096 Mar 26 12:15 .ssh
-rw------- 1 myUser myUser 426  Mar 26 12:15 authorized_keys

Checking /var/auth/auth.log, I've been able to detect these 2 lines that are repeated every time I log in (and I'm asked for the password):

Authentication refused: bad ownership or modes for directory /home/myUser.
Accepted password for myUser from myIP port 64916 ssh2

I think the configuration of the keys (content of authorized_keys, etc) is ok, because I've found that if I turn off Strict Modes, I can log in without being asked for the password, but I'm not sure about if this is secure and I want to have the system protected of intrusions.

Does anyone know what might be my problem here?

gd_silva
  • 123
  • 3

1 Answers1

4

StrictModes checks the home directory permissions not just the .ssh directory. As the man pages say: This is normally desirable because novices sometimes accidentally leave their directory or files world-writable.

Authentication refused: bad ownership or modes for directory /home/myUser.

Says it has a problem with the home directory permissions.

Brian
  • 3,476
  • 18
  • 16