[TriLUG] Passwordless SSH

Matt Pusateri mpusateri at wickedtrails.com
Tue Jan 6 09:59:11 EST 2009


Yeah, I thought about /var/log/secure this morning.  I was pretty sure  
there should have been an ownerships modes error message though, I've  
tripped over this before :)  I typically run 'ls -ltr /var/log'  which  
will put the latest modified files at the bottom.  This way I can see  
which log files may provide more info, as some will log to messages,  
or debug, or daemon.log, etc depending on OS.


Also regarding selinux, you can look at /etc/sysconfig/selinux and see  
what selinux is set to.  Since selinux appears to be black magic, I  
usually set it to permissive and targeted, but that's mostly because I  
intend to learn about it so I don't want to disable it completely, but  
don't have time for it to get in my way.

Matt P.

On Jan 6, 2009, at 9:48 AM, Ron Young wrote:

> Shawn,
> It sure does!  Check out this typical entry during yesterday's  
> exercise:
>
> Jan  5 15:11:24 Prismsts sshd[19552]: Authentication refused: bad  
> ownership
> or modes for directory /root
>
> Seems I have just learned to pay more attention to the logs in /var/ 
> log/!!!
>
> Thanks.
>
>
> Ron Young
> 919-621-9015
>
>
> On Tue, Jan 6, 2009 at 9:44 AM, Shawn Hood <shawnlhood at gmail.com>  
> wrote:
>
>> Centos may log to /var/log/secure
>>
>> Sent from my iPhone
>>
>> On Jan 6, 2009, at 7:46 AM, "Ron Young" <ronyoung at nc.rr.com> wrote:
>>
>>> Matt,
>>> Here is the response I got:
>>>
>>> [root at Prismsts ~]# cd /
>>> [root at Prismsts /]# ls -lnd
>>> drwxr-xr-x  26 0 0 4096 Dec 31 11:35 .
>>> [root at Prismsts /]#
>>>
>>> Looks like / is actually owned by root.  Is there a way to ensure  
>>> that
>>> selinux is not involved?
>>>
>>>
>>> Ron Young
>>> 919-621-9015
>>>
>>>
>>> On Mon, Jan 5, 2009 at 10:29 PM, Matt Pusateri
>>> <mpusateri at wickedtrails.com>wrote:
>>>
>>>>
>>>> On Jan 5, 2009, at 9:21 PM, Ron Young wrote:
>>>>
>>>>> Sorry Matt,
>>>>> There is not a /var/log/auth or /var/log/debug file on either
>>>>> machine.
>>>>>
>>>>> There is nothing about it in the /var/log/messages file on the
>>>>> target
>>>>> machine that worked (the newer OS version).
>>>>>
>>>>> There is also nothing in the /var/log/messages about perms on the
>>>>> older
>>>>> machine (I think).  However, I get hundreds of lines of:
>>>>>
>>>>> pam_timestamp_check: pam_timestamp: `/' owner UID != 0
>>>>>
>>>>> followed by pages of:
>>>>>
>>>>> last message repeated 26 times
>>>>>
>>>>> in fact there were 27 50 line pages of this message at one point
>>>>> today
>>>>> between 15:14 yesterday and 14:55 today!!
>>>>>
>>>>> These I do not understand at all but it seems like the machine
>>>>> thrashes
>>>>> about pam a lot!
>>>>>
>>>>> Thoughts?
>>>>>
>>>>> Ron Young
>>>>> 919-621-9015
>>>>
>>>>
>>>> Off hand it seems like '/' has had it's perms changed.    As listed
>>>> here http://tinyurl.com/9wumxj   try 'ls -lnd' and see if user and
>>>> group id's are the same and set to root or UID=0   In any case,
>>>> normally pam shouldn't whine :)
>>>>
>>>>
>>>> Weird, I thought Centos had a /var/log/auth or /var/log/auth.log  
>>>> file
>>>> that should have had complaints about the perms on your ssh or home
>>>> dir
>>>>
>>>>
>>>> Matt P.
>>>> --
>>>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>>>
>>> --
>>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>> --
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions




More information about the TriLUG mailing list