WebFaction
Community site

SSH publickey no longer works for me on web236

I have a client on web236. I was trying to get a new programmer to SSH in using the password, but discovered I've been using publickey for so long I had forgotten it. Sooo, I went to the dashboard and reset the SSH password.

Suddenly my own SSH using publickey no longer works. It always prompts for a password. I tried clearing out the ~/.ssh/authorized_keys file, then doing a ssh-copy-id (etc) from my home machine, then doing ssh user@example.com. It still wanted the password. I did ssh -v user@example.com and it shows it trying the publickey method, but there is no error message about why it failed, it simply goes on to the password method.

Update:

I noticed that a lot of vanilla files in the home directory (/home/pinot) suddenly had their --x bit set. And then I started looking at files all the way down the various directory trees ... they all had permissions set in ways that I would have never set them -- .py files, .jpg, etc., etc. had xx7x set.

My bet is that in adding the new user account to be able to access this directory read/write, an overly enthusiastic script went through and blindly added 0070 to all of the files, including those in my ~/.ssh directory and to my home directory.

I changed the permissions in/on ~/.ssh, but it didn't work. Then I chmoded ~ to 0700 and it worked. I then tried 0750 on ~ and that worked. I finally tried 0770 (which is what the script did) and BAM, it doesn't work.

Conclusion:

WF needs to work on how they give users access to a different user's directory, because the current script a) does too much, and b) breaks previously working code.

asked 07 Oct '14, 20:09

hedronist

edited 07 Oct '14, 21:41


It's most likely a problem with the permissions on the ~/.ssh directory or ~/.ssh/authorized_keys - the correct permissions are listed in our SSH key docs. Hope that helps!


answered 07 Oct '14, 21:03

seanf

OK, did that, but it didn't work. But I shouldn't have had to change anything since I never changed any of those permissions in the last several years. See update to the question above.

(07 Oct '14, 21:29) hedronist

Ok, please open a support ticket with your account details so that I can check the SSH logs on your server.

(07 Oct '14, 21:37) seanf

@seanf: We are ships passing in the night. See my update above. I also confirmed that this is known-and-correct behavior on SSH's part when the home directory is group or world writable. See this post for more.

(07 Oct '14, 21:58) hedronist

Ok, I'll let our system administrators know about this issue.

(07 Oct '14, 22:03) seanf
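
An added example, not part of the original thread or WebFaction's tooling: a shell check for the condition the asker found (home directory at 0700 or 0750 works, 0770 does not), assuming sshd is running with its default StrictModes behaviour of ignoring authorized_keys when a path leading to it is group- or world-writable. The function names are hypothetical, and only mode bits are checked, not ownership.

```shell
#!/bin/sh
# Added example: report which of ~, ~/.ssh and ~/.ssh/authorized_keys carry
# a group- or world-write bit. Assumes sshd's default StrictModes setting.
# Checks mode bits only; ownership is not examined.

# mode_string PATH -> prints the 10-character mode field, e.g. drwxrwx---
mode_string() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# writable_by_others PATH -> returns 0 if PATH is group- or world-writable,
# 1 if it is not, 2 if PATH cannot be read.
writable_by_others() {
    mode=$(mode_string "$1")
    [ -n "$mode" ] || return 2
    g=$(printf '%s' "$mode" | cut -c6)   # group write position
    o=$(printf '%s' "$mode" | cut -c9)   # other write position
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# check_ssh_paths HOME_DIR -> prints one line per existing path and
# returns 0 only if none of them is group- or world-writable.
check_ssh_paths() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "UNSAFE $(mode_string "$p") $p"
            bad=$((bad + 1))
        else
            echo "ok     $(mode_string "$p") $p"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Check the given home directory (default: the current user's).
check_ssh_paths "${1:-$HOME}" || echo "Remove the write bit with: chmod go-w <path>"
```

Running this after any account or permission change made from a hosting control panel shows whether a path has picked up a write bit before key logins start falling back to the password prompt.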
question asked: 07 Oct '14, 20:09

question was seen: 2,141 times

last updated: 07 Oct '14, 22:03
