Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Authorized_keys and NFS

from [David Edwards] Network Security [Permanent Link]
Subject: Authorized_keys and NFS
Date: Fri, 23 Feb 2007 10:19:37 -0500 
Hello,

I'm having difficulty with getting SSHD to work with passwordless
authenication.

We're currently trying to set up a small cluster for teaching students
about MPI/parallel algorithms, and are using BCCD as our clustering
enivironment. BCCD uses SSH for all its internode communication, and, in
a default state, requires a fair ammount of work to execute programs.
Storing nodes' ssh data in authorized_keys has turned running programs
on the node from a headache to trivial. However, adding new
nodes/maintaining the related files is still a hassle, since any changes
must be done to every node. 

We have an NFS partition availible, and I can mount it and read/write
to it successfully; everything is set for +rwx (we're going to deal with
security after this is working, and we're not concerned with students
having access). What would be ideal is storing a copy of authorized_keys
(among other support files) on this NFS partition and either linking to
it or telling SSH to access it directly. This will allow us to make
global changes to our cluster without needing to visit each node
individually.

When I try this, however, SSH will not read the file.

-When I try to symlink the file from $HOME/.ssh/, SSH cannot read the
file but cat $HOME/.ssh/authorized_keys works correctly
-When I try to mount the NFS patition as $HOME/.ssh, SSH cannot read
the file but cat $HOME/.ssh/authorized_keys works correctly
-When I mount the NFS partition to its normal spot (/tmp/nfs) and
manually specify the file path in sshd_config
(/tmp/nfs/authorized_keys), SSH cannot read the file but cat
$HOME/.ssh/authorized_keys works correctly

when I try these, sshd -d tells me Authentication refused: bad
ownership or modes for file

BUT!
-When I symlink to a copy of the file in $HOME, SSH works correctly.
-When I move the file used in the above trials to $HOME/.ssh (and
comment out the changes to sshd_config), SSH works correctly (no
password needed to log in to that machine from an authorized machine).
-When I mount the NFS partition as /home (mount -t nfs
nfserver:/bccdfiles/ /home) SSH works successfully. 

I'm at a complete loss as to what the problem is. I thought it might be
an NFS issue, but when I mount the NFS partition as /home, everything
works. And the file is obviously good. Does anyone have any ideas?

Dave
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: cant connect, ssh hangs after SSH2_MSG_KEX_DH_GEX_GROUP, Micha
Next by Date:  Re: Authorized_keys and NFS, Greg Wooledge
Previous by Thread:  Re: cant connect, ssh hangs after SSH2_MSG_KEX_DH_GEX_GROUP, Micha
Next by Thread:  Re: Authorized_keys and NFS, Greg Wooledge
Indexes:  [Date] [Thread] [Top] [All Lists]