ssh with public key - bad ownership or modes for directory

  • I have created a user, added him to ssh group, put public key, disabled password auth. When I try to make ssh connection it fails with the :


    Permission denied (publickey).


    omv logs says:


    sshd[21546]: Authentication refused: bad ownership or modes for directory /


    I have no idea what's wrong with that...

  • I didn't change it. Is a fresh installation. Password auth works fine.


  • I get:


    Code
    fred@omv:~$ ls -lhd /
    drwxr-xr-x+ 24 root root 4.0K Jun 13 11:58 /

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    • Offizieller Beitrag

    Permissions on top root directory wide open. If that happen who knows what else is screw up down bottom. Look even you have sticky bit there.
    Changing permissions recursively on the rootfs is a mayor f*ck.
    I would recommend you to reinstall. Please if you had follow a web tutorial or a guide on installing something you might not entered the command correctly.

  • This is really weird... I just made a fresh install. I went to GUI to enable permitted root to do ssh and look at the premission of / :



    I took image : OMV_4_Raspberry_Pi_2_3_3Plus.img.xz
    bruned it to SD card and put to rpi3
    waited for 10 minutes
    access to gui to enable ssh for root
    that's all

  • Fresh installation of OMV 3 gives me the right permission:



    I can confirm that on OMV 3 everything works like a charm :)

  • @tkaiser something to fix on the omv4 images

    Why? Seems only the RPi image is affected (which is created differently -- seems the 'some annoying manual steps included' I mentioned when I called for testers messed things up?).


    Currently no RPi around and I don't think I'll buy such crappy hardware ever again...

  • Currently no RPi around and I don't think I'll buy such crappy hardware ever again...

    To my surprise I did not already delete the images on the build VM. Repeated the procedure and to me it looks like only permissions of the root directory were wrong and a simple chmod should be all that's needed:


    So with new procedure (only change is the chmod call) here's the result: OMV_4_Raspberry_Pi_2_3_3Plus.img.xz


    @frankja2 can you test please? Maybe this time testing will cover all issues :whistling:


    @ryecoaaron: when testing is sufficient can you please delete the old RPi OMV 4 image at https://sourceforge.net/projec…ngle%20Board%20Computers/ and



    I think we need to put the RPi image into this specific download directory since tons of tutorials on the net reference this already.

    • Offizieller Beitrag

    I think we need to put the RPi image into this specific download directory since tons of tutorials on the net reference this already.

    The image seems to be working ok from a short test.
    RPi image removed from OMV 4.x for Single Board Computers directory and readme updated.
    Uploaded new image and readme to RPi directory.
    Will remove 3.x image in a few days.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I am having the same issue as @frankja2 with the following error when I try to use public key authentication:


    Permission denied (publickey).


    However I am using OMV_4_Odroid_XU4_HC1_HC2.img.xz image on an Odroidxu4.


    Do you have any advice on how to fix this?



    Thanks for any help you may be able to provide.

  • same issue with OMV_4_Banana_Pi.img.xz


    Unlikely. The above mentioned problem was due to manual intervention needed when creating the RPi image (since Raspberry Pi is a closed source platform needing the primary operating system called ThreadX being present in latest version on a FAT partition). All images for real ARM boards are created fully automated so those permission errors can't happen.

  • I was having the same issue with my Odroid HC1. Changing the permissions appears to have fixed the issue (see below).


    I'm also using the OMV_4_Odroid_XU4_HC1_HC2.img.xz image, clean install then upgraded to 4.1.10.


  • I believe I'm also seeing this on my Rock64. Just installed it and have only configured things from the web dashboard so far (add users, mount drives, no plugins though).


    SSH with private key fails, but password works.


    Same failure message:

    Code
    root@nas:/# grep sshd /var/log/auth.log
    ...snip...
    Sep  4 22:52:38 nas sshd[11762]: Authentication refused: bad ownership or modes for directory /


    Permissions do seem wrong:


    root@nas:/# chmod 755 / fixes it.


    The MD5 matches https://sourceforge.net/projec…ngle%20Board%20Computers/ so think I have a good image.

    Code
    ~ md5 OMV_4_Rock64.img.xz
    MD5 (OMV_4_Rock64.img.xz) = 45f04cd266294c5921c63e32ac7f88ae
  • Fixed upstream in Armbian but this will only affect new images. On the current OMV4 images (except the one for RPi and now NanoPi K1 Plus) the manual 'chmod 755 /' fix is still needed in this situation.


    @ryecoaaron: can you please upload OMV_4_NanoPi_K1_Plus.img.xz to https://sourceforge.net/projec…ngle%20Board%20Computers/


    NanoPi K1 Plus is rather interesting: 64-bit SoC, 2 GB DRAM, Gigabit Ethernet, 3 x USB2 with no shared bandwidth, eMMC socket...

    • Offizieller Beitrag

    can you please upload

    Uploaded.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!