SSH only working with root

Status
Not open for further replies.

Ascotg

Dabbler
Joined
Sep 26, 2016
Messages
19
Hi,

So I just set up 11.0 U4 and I'm trying to get SSH to work for my users. So far only root can SSH using keys, for users I get the following error from putty: "Disconnected: no supported authentication methods available (server sent: publickey).

Using the same key with root is no problem at all, and SSH using password for normal users works too. But since, that's not very safe I want my users to use keys as well.

Any suggestions?

Thanks,
 

Ascotg

Dabbler
Joined
Sep 26, 2016
Messages
19
Hi,

Yes, I did. The strange thing is it works for root (copy paste the key and all), but not for users.

Thanks
 
D

dlavigne

Guest
Any errors in /var/log/messages or /var/log/auth.log when a user tries to connect?
 

Ascotg

Dabbler
Joined
Sep 26, 2016
Messages
19
Code:
Dec  3 07:50:14 freenas sshd[1111]: Authentication refused: bad ownership or modes for file /mnt/Volume1/John/.ssh/authorized_keys
Dec  3 07:50:14 freenas sshd[1111]: error: Received disconnect from 192.168.0.1 port 1111:14: No supported authentication methods available [preauth]

I run a port forwarding on putty. (For security reasons my name and port have been edited)

Does this info help?
 
Last edited by a moderator:
D

dlavigne

Guest
Code:
Dec  3 07:50:14 freenas sshd[1111]: Authentication refused: bad ownership or modes for file /mnt/Volume1/John/.ssh/authorized_keys

That's the issue. That should not happen though if you paste the keys into the user's account entry. If you didn't muck with the perms manually, please create a bug report at bugs.freenas.org and post the issue number here.
 

Ascotg

Dabbler
Joined
Sep 26, 2016
Messages
19
I couldn't create an account on bugs.freenas.org.

However, I think I found the root of the problem. Users have reported the following issue: on the server side, the user's home directory should not have write permission for group or other. I can't turn this off, presumably because it's set for Windows permission. Any solution?
 

Ascotg

Dabbler
Joined
Sep 26, 2016
Messages
19
No (I wouldn't even know how). I login to the WEBGUI and on the users page I deselect Group/Write. Click OK and the box closes. However, when I open it again nothing has changed.
 
D

dlavigne

Guest
Sorry, I read your post wrong. Message me the email you used to create an account on the bug tracker and I'll activate your account.
 

Ascotg

Dabbler
Joined
Sep 26, 2016
Messages
19
Great news, I found it. In fact it was Windows being Windows again. Here's the fix:

SSH is very picky about the home folder, it won't allow a group to have write access to it. However, since it's a Windows folder changing permissions isn't always that easy. From a Windows pc go to the network drive, right click, properties security and remove the group write access from the folder.

This video indeed helped: https://forums.freenas.org/index.php?resources/freenas-and-samba-smb-permissions-video.8/
 
Status
Not open for further replies.
Top