ssh public key authorisation failure

    • OMV 4.x
    • Resolved
    • ssh public key authorisation failure

      Hi,

      I'm running omv on an odroid HC2 (installed from the omv image on sourceforge). I've been trying to get public key authorisation working (following the procedure in the guide). I have succesfully achieved this on a "standard" omv install (i.e. not arm). The issue I have with the odroid install is that I continue to get "Permission denied (publickey)" errors when attempting to connect (ssh ssh-access-user@192.168.0.44 -i ~/.ssh/sshremote) . Please note if I enable keyboard interaction then I can login by supplying the password - ssh itself is not an issue, just public key access (and the public key placed on omv is always in rfc4716 format)

      So far, as I have this working on another server I have compared:
      - cat /var/lib/openmediavault/ssh/authorized_keys/ssh-access-user - exactly the same (I transferred the file and did a diff as well as visual inspection)
      - cat /etc/ssh/sshd_config - exactly the same (as are the settings in the webui that influence this file
      - the "user" section on the web ui has the same settings (i.e. user is in an rbash environment (also tried bash), groups are "ssh" and "users"
      - systemctl list-unit-files | grep ssh output is consistent between the servers
      - systemctl status theservicesabove all report similar

      At this point I hit google and didn't find anything pertinent to the situation, however, I was inspired to try setting up a home directory for the user so I could try ssh-copy-id, which I did using ssh-copy-id -i ~/.ssh/sshremote.pub ssh-access-user@192.168.0.44 (sshremote.pub being in rfc4716 format).

      This worked.

      Problem solved. Well, more of a workaround. I still don't know why the original method didn't work or what further debugging I can do to get to the root of the issue, (I did try reordering the authorized_keys file location in sshd_config so the omv location was first - which made no difference).

      Any help would be appreciated

      Kind regards

      Rob
    • ok, done some more digging. Looked at the log and found:

      [sshd 8693]: Authentication refused: bad ownership or modes for directory /

      i.e. my root directory was wide open!!!! errg, which led me to this thread: ssh with public key - bad ownership or modes for directory



      a simple chmod 755 on / solved the problem. It looks like there is an issue therefore with the OMV_4_Odroid_XU4_HC1_HC2.img.xz image, from the forum thread I think this is wrapped up in: github.com/armbian/build/issues/1098 and any new images won't have this problem