[TriLUG] Passwordless SSH

Ron Young ronyoung at nc.rr.com
Tue Jan 6 09:48:10 EST 2009 

Shawn,
It sure does!  Check out this typical entry during yesterday's exercise:

Jan  5 15:11:24 Prismsts sshd[19552]: Authentication refused: bad ownership
or modes for directory /root

Seems I have just learned to pay more attention to the logs in /var/log/!!!

Thanks.


Ron Young
919-621-9015


On Tue, Jan 6, 2009 at 9:44 AM, Shawn Hood <shawnlhood at gmail.com> wrote:

> Centos may log to /var/log/secure
>
> Sent from my iPhone
>
> On Jan 6, 2009, at 7:46 AM, "Ron Young" <ronyoung at nc.rr.com> wrote:
>
> > Matt,
> > Here is the response I got:
> >
> > [root at Prismsts ~]# cd /
> > [root at Prismsts /]# ls -lnd
> > drwxr-xr-x  26 0 0 4096 Dec 31 11:35 .
> > [root at Prismsts /]#
> >
> > Looks like / is actually owned by root.  Is there a way to ensure that
> > selinux is not involved?
> >
> >
> > Ron Young
> > 919-621-9015
> >
> >
> > On Mon, Jan 5, 2009 at 10:29 PM, Matt Pusateri
> > <mpusateri at wickedtrails.com>wrote:
> >
> >>
> >> On Jan 5, 2009, at 9:21 PM, Ron Young wrote:
> >>
> >>> Sorry Matt,
> >>> There is not a /var/log/auth or /var/log/debug file on either
> >>> machine.
> >>>
> >>> There is nothing about it in the /var/log/messages file on the
> >>> target
> >>> machine that worked (the newer OS version).
> >>>
> >>> There is also nothing in the /var/log/messages about perms on the
> >>> older
> >>> machine (I think).  However, I get hundreds of lines of:
> >>>
> >>> pam_timestamp_check: pam_timestamp: `/' owner UID != 0
> >>>
> >>> followed by pages of:
> >>>
> >>> last message repeated 26 times
> >>>
> >>> in fact there were 27 50 line pages of this message at one point
> >>> today
> >>> between 15:14 yesterday and 14:55 today!!
> >>>
> >>> These I do not understand at all but it seems like the machine
> >>> thrashes
> >>> about pam a lot!
> >>>
> >>> Thoughts?
> >>>
> >>> Ron Young
> >>> 919-621-9015
> >>
> >>
> >> Off hand it seems like '/' has had it's perms changed.    As listed
> >> here http://tinyurl.com/9wumxj   try 'ls -lnd' and see if user and
> >> group id's are the same and set to root or UID=0   In any case,
> >> normally pam shouldn't whine :)
> >>
> >>
> >> Weird, I thought Centos had a /var/log/auth or /var/log/auth.log file
> >> that should have had complaints about the perms on your ssh or home
> >> dir
> >>
> >>
> >> Matt P.
> >> --
> >> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> >> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >>
> > --
> > TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>

More information about the TriLUG mailing list