FreeNAS 11 - SSH: permission denied (publickey)

[yru_IT]

The only explanation I can think of would be if your 'homes' dataset is read-only. You can check this by going to Storage and checking the homes dataset options.

No, I was able to copy files to the folders on the nas using winSCP... BUT I FOUND THE PROBLEM...
When I had set up my Storage Pool, I had set my permissions ACL Type to windows since the help ? said to set to the type of users...
I changed it to Unix and now I can set the permissions with chmod. :D I haven't tried ssh yet. I'll do that now and continue this...

Well, I still have issues with SSH but I think i'm getting closer..

 

[yru_IT]

Oh, BTW, what tipped me on to this issue is that I noticed that the directory response with ls -l is showing a + at the ens of the permissions . I searched in this and that is where I found some vague info on extended permissions.

 

[yru_IT]

OK, thanks to the previous posts in this section, not only does the .ssh folder need to be 700 and the authorized_keys file need to be 600, BUT the user folder also needs to be 700! This needs to be pointed out! I have spent many days trying to figure this out.
Thanks to all !!!! It pays to closely read the posts. Also keep the ACL Type set to Unix.

 

[Newfoundland.Republic]

My home directories have their own data set. When I set it up I set the ACL type as being Windows as it is primarily Windows users who will have their shares there. However, you cannot set the "right" ACLs when the data set is configured for Windows - it needs to be set to Unix to work.

Once that is done you can set the permissions correctly for .ssh and your PSK logins will work okay.

 

[bill_mcgonigle]

This was a helpful thread. On my machine, after an upgrade to FreeNAS-11.2-U7, the volume with my /home on it was set to Windows ACL and root:wheel 770. How very odd!

I took a grab of the ZFS permissions before and after changing the ACL type from Windows to Unix and i got in the diff:

Code:

< tank/home  aclmode               discard                default
---
> tank/home  aclmode               passthrough            local

So it looks like "Windows" means aclmode=discard which is now default? "Unix" appears to be aclmode=passthrough which needs to be set locally. Surprising on a Unix machine.