[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guix binary tarball
|
From: |
Taylan Ulrich Bayırlı/Kammer |
|
Subject: |
Re: Guix binary tarball |
|
Date: |
Fri, 15 May 2015 21:45:45 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Andreas Enge <address@hidden> writes:
>> > As a consequence, we could not ssh into the machine any more
>> > (!).
>> I don’t see how this could happen.
>
> Try "chown 30000.30001 $HOME". Then ssh into the machine asks for the
> passphrase instead of using the public-private key pair.
I believe this is because OpenSSH, being highly pedantic (I suppose
rightfully so), will refuse to acknowledge ~/.ssh/authorized_keys when
its owner or permissions are wrong. (Or even merely the permissions on
$HOME?)
Additionally, it's a best-practice to disable password-authentication
for the root account in sshd_config (Debian 8 proposes it at least) to
prevent the chance of successful brute-force/dictionary attacks.
Together that would mean no root SSH access to the machine at all.
Taylan
Re: Guix binary tarball, Mark H Weaver, 2015/05/19