Help - I've come 98% of the way and I've hit a wall!! For background (and to highlight that I have actually played with this stuff), I have users happily logging in to chrooted environments, sftp works a treat as do the individual configs in rssh.conf. Uploads/downloads all working nicely as well.
However, all is not well in paradise - I have one user who accesses my sftp server using scripts, and therefore wants to use passphrase-less RSA1 keys (I know, don't start on me about the security implications!!). "No probs" I think to myself - install the key in his "authorized_keys" file, do a test and to my surprise get the following (names/dates removed):
Sshd(pam_unix): authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=<myhostname> user=<username>
Sshd(pam_unix): session opened for user <username> by (uid=500)
Rssh: setting log facility to LOG_USER
Rssh: line 42: configuring user <username>
Rssh: setting <username's> umask to 011
Rssh: allowing sftp to user <username>
Rssh: chrooting <username> to /home/<username>
Rssh: user <username> attempted to execute forbidden commands
Rssh: command: sftp
Sshd(pam_unix): session closed for user <username>
Now, I've played quite a bit with ssh, so the thing that has me baffled is that although pam says authentication failed, it still allows me to proceed. Only later do I get thrown out due to the forbidden command error. From the client side, the user is presented with the standard "This account is restricted to sftp...etc" error.
Can anyone see what I've missed??? It's driving me nuts because this user's account and access works fine in interactive (i.e. username/password) mode but throws up all over itself as soon as I introduce keys... I was not able to find any info in my research to indicate any special problems with keys - has anyone else got keys working?
I appreciate ANY insight!!
Jeff {8^)
(BTW, apologies for a partial previous post, my mailer freaked mid-typing and killed a previous version of this!)