Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

ssh help I foolishly changed permissions on server

 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Help!
View previous topic :: View next topic  
Author Message
purplepenguin
LXF regular


Joined: Wed Oct 05, 2011 3:19 pm
Posts: 121
Location: Blissfully at the Command Line

PostPosted: Sun Feb 10, 2013 11:37 am    Post subject: ssh help I foolishly changed permissions on server Reply with quote

Hi all, I wonder if someone could point me in the right direction.

I have an Ubuntu 12.04 mediaserver at home. All the files are kept under a username of data at /home/data. My HTPC mounts the server via sshfs and connects using rsa keys. All was working fine until yesterday when I stupidly changed the file permissions of the user called data on the server. I changed the permissions to a+wrx /home/data (I can hear you all laughing) and now everytime I try to connect I am prompted for a the data@xbmc password.

I've googled around and tried changing permissions as suggested in a few posts, but nothing seems to put things back.

Here is the output for the server's permissions. Can anyone spot what I need to change?

Code:

drwxr-xr-x   2 data data  4096 Feb 10 09:44 .ssh

data@fileserver:/home/data/.ssh$ ls -l /home/data/.ssh
total 16
-rw-r--r-- 1 data data  392 Feb 10 09:44 authorized_keys
-rwxrwxrwx 1 data data 3915 Feb  2 15:56 authorized_keys.old
-rw-r--r-- 1 data data  391 Sep 13 17:55 id_rsa.pub
-rw-r--r-- 1 data data  222 Sep 15 11:29 known_hosts


Thanks for any help
Lee
_________________
Debian Testing 64bit KDE i5 CPU 8GB RAM

Firefox 29 wont let me move the Reload and Back buttons. It's my computer Mozilla not yours.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8454
Location: Warrington, UK

PostPosted: Sun Feb 10, 2013 1:19 pm    Post subject: Reply with quote

You're missing the private key.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
purplepenguin
LXF regular


Joined: Wed Oct 05, 2011 3:19 pm
Posts: 121
Location: Blissfully at the Command Line

PostPosted: Sun Feb 10, 2013 1:59 pm    Post subject: Reply with quote

Thanks Nelz. Comparing the two .ssh folders. (one on the server and the other on my main pc, it seems that the main pc has a flie called id_rsa which is missing from the server. Is it correct to assume this is the private key file?

However, This doesn't seem to be the root of my problem. It seems that the issue was that the home directory for data on the server was too open. Changing the permissions
Code:
chmod go-w /home/data

seems to have fixed the issue and I can now connect without the password prompt.

Strange I wonder where the id_rsa file is on the server.

Code:
root@fileserver:/# find id_rsa
find: ‘id_rsa’: No such file or directory

_________________
Debian Testing 64bit KDE i5 CPU 8GB RAM

Firefox 29 wont let me move the Reload and Back buttons. It's my computer Mozilla not yours.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8454
Location: Warrington, UK

PostPosted: Sun Feb 10, 2013 2:53 pm    Post subject: Reply with quote

It was going to be either too open permissions or the missing file. I went for the wrong one first Sad

You'll need to use ssh-keygen to create a new pair of key files, unless the old ones are backed up somewhere.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
MartyBartfast
LXF regular


Joined: Mon Aug 22, 2005 8:25 am
Posts: 814
Location: Hants, UK

PostPosted: Sun Feb 10, 2013 3:17 pm    Post subject: Reply with quote

If I've understood right your HTPC connects to the Ubuntu server via ssh, so the Ubuntu server has the public key - id_rsa.pub and the HTPC will have the private key - id_rsa , the private key will not be on the Ubuntu box.
_________________
I have been touched by his noodly appendage.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8454
Location: Warrington, UK

PostPosted: Sun Feb 10, 2013 5:23 pm    Post subject: Reply with quote

The HTPC's public key shouldn't be on the server at all, except as part of the authorized_keys file. If this is the HTPC's public key, you should delete it. If it's the server's public key, you have a file missing.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
purplepenguin
LXF regular


Joined: Wed Oct 05, 2011 3:19 pm
Posts: 121
Location: Blissfully at the Command Line

PostPosted: Sun Feb 10, 2013 6:51 pm    Post subject: Reply with quote

nelz wrote:
The HTPC's public key shouldn't be on the server at all, except as part of the authorized_keys file. If this is the HTPC's public key, you should delete it. If it's the server's public key, you have a file missing.


It was the HTPC's public key. I thought you had to copy the public key over to the remote server. I followed Mayank's tutorial in issue 155 OpenSSH Easy logins.
At the end of the tutorial Mayank says "The next step is to copy the public key to the remote server... You can move the key with a single command"
Code:
ssh-copy-id -i ~/.ssh/id_rsa_pub admin@server2.remote.com


Do I not need to copy the pub key to the remote server then?
_________________
Debian Testing 64bit KDE i5 CPU 8GB RAM

Firefox 29 wont let me move the Reload and Back buttons. It's my computer Mozilla not yours.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8454
Location: Warrington, UK

PostPosted: Sun Feb 10, 2013 6:55 pm    Post subject: Reply with quote

Yes you do, and that command will do it. But you copied the file as-is, which can't work, what happens if you want to log in from more than one computer? The contents of the public key file have to be copied into the authorized_keys file on the server, which is what ssh-copy-id does.

You can, and should, delete the public key file from the server.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
purplepenguin
LXF regular


Joined: Wed Oct 05, 2011 3:19 pm
Posts: 121
Location: Blissfully at the Command Line

PostPosted: Sun Feb 10, 2013 7:08 pm    Post subject: Reply with quote

Thanks Nelz. I have deleted the file and everything is still working.

I thought it was odd only having one .pub file when I have 3 PC that connect to the server. I thought that maybe ssh rolls them all into one. God only knows how and when I copied it over as I've always used the ssh-copy-id command.

Anyway thanks for all your help.
_________________
Debian Testing 64bit KDE i5 CPU 8GB RAM

Firefox 29 wont let me move the Reload and Back buttons. It's my computer Mozilla not yours.
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Help! All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast