Troubleshooting
Problem
Permission problems account for the majority of issues with SFTP public-key authentication. This document guides users through the UNIX-style permissions required for SSH objects on the IBM eServer i5.
Resolving The Problem
Open QP2TERM with CALL QP2TERM. Verify that you have the correct permission set on the associated files.
On the QP2TERM command line, issue the commands shown below (the lines that begin with >), replacing clientuid and serveruid with the correct user names for each system.
On the Client System:
1. Verify that the home directory /home/clientuid/ is owned by clientuid and there is no write authority for a group or other user.

       > ls -ld /home/clientuid/

   You will see output similar to the following:

       drwxr-sr-x 3 clientuid 0 8192 Sep 02 11:09 /home/clientuid

   If your display does not match, issue the command below to correct.

       > chmod 755 /home/clientuid/

2. Verify that the directory /home/clientuid/.ssh is owned by clientuid and there is no authority at all for a group or other user.

       > ls -ld /home/clientuid/.ssh

   You will see output similar to the following:

       drwx--S--- 3 clientuid 0 8192 Sep 02 11:09 /home/clientuid/.ssh

   If your display does not match, issue the command below to correct.

       > chmod 700 /home/clientuid/.ssh

3. Verify that /home/clientuid/.ssh/id_dsa* is owned by clientuid and there is no authority at all for a group or other user on the private key file. The public key file can have group and other read authority.

       > ls -l /home/clientuid/.ssh/id_dsa*

   You will see output similar to the following:

       -rw------- 1 clientuid 0 668 Sep 02 11:09 /home/clientuid/.ssh/id_dsa
       -rw-r--r-- 1 clientuid 0 623 Sep 02 11:09 /home/clientuid/.ssh/id_dsa.pub

   If your display does not match, issue the commands below to correct.

       > chmod 600 /home/clientuid/.ssh/id_dsa
       > chmod 644 /home/clientuid/.ssh/id_dsa.pub

   Note: In the example above, the commands were used to check the authorities for a DSA key pair. The same commands can be used to verify and change the permissions on RSA key pairs.
On the Server System:
1. Verify the home directory is owned by serveruid and there is no write authority for a group or other user:

       > ls -ld /home/serveruid/

   You will see output similar to the following:

       drwxr-sr-x 3 serveruid 0 8192 Sep 02 11:09 /home/serveruid

   If your display does not match, issue the command below to correct.

       > chmod 755 /home/serveruid/

2. Verify the directory /home/serveruid/.ssh is owned by serveruid and there is no authority at all for a group or other user:

       > ls -ld /home/serveruid/.ssh

   You will see output similar to the following:

       drwx--S--- 3 serveruid 0 8192 Sep 02 11:09 /home/serveruid/.ssh

   If your display does not match, issue the command below to correct.

       > chmod 700 /home/serveruid/.ssh

3. Verify /home/serveruid/.ssh/authorized_keys is owned by serveruid and there is no authority at all for a group or other user:

       > ls -l /home/serveruid/.ssh/authorized_keys

   You will see output similar to the following:

       -rw------- 1 serveruid 0 8192 Sep 02 11:09 /home/serveruid/.ssh/authorized_keys

   If your display does not match, issue the command below to correct.

       > chmod 600 /home/serveruid/.ssh/authorized_keys
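The three checks on each system can be run in one pass. The script below is an added example, not IBM code: the function names are hypothetical, and it assumes `ls`, `cut`, `tr` and `awk` are available in the shell. It reads the same `ls -ld` output shown above and treats the `S` in `drwx--S---` as granting no authority.

```shell
#!/bin/sh
# Added example (not IBM code); function names are hypothetical.

# perm_ok LEVEL PERMS: test an `ls -l` permission string such as drwx--S---
#   nowrite = group and other must not have write (home directory)
#   private = group and other must have no authority at all
perm_ok() {
    bits=$(printf '%s' "$2" | cut -c5-10)    # group + other triplets
    case $1 in
        nowrite)
            case $bits in ?w????|????w?) return 1 ;; esac ;;
        private)
            # 'S'/'T' mark setgid/sticky without execute: no access granted
            [ -z "$(printf '%s' "$bits" | tr -d 'ST-')" ] || return 1 ;;
        *)  return 2 ;;
    esac
    return 0
}

# check_path LEVEL PATH OWNER: print a finding, return 1 on any mismatch
check_path() {
    line=$(ls -ld "$2" 2>/dev/null) || { echo "MISSING $2"; return 1; }
    perms=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    [ "$owner" = "$3" ] || { echo "OWNER  $2 owned by $owner, expected $3"; return 1; }
    perm_ok "$1" "$perms" || { echo "MODE   $2 is $perms, too open"; return 1; }
    echo "OK     $2 $perms"
}

# audit_ssh_perms HOME USER FILE
#   FILE is authorized_keys on the server, or the private key (id_dsa) on the client
audit_ssh_perms() {
    rc=0
    check_path nowrite "$1" "$2" || rc=1
    check_path private "$1/.ssh" "$2" || rc=1
    check_path private "$1/.ssh/$3" "$2" || rc=1
    return $rc
}

# Usage (server):  audit_ssh_perms /home/serveruid serveruid authorized_keys
# Usage (client):  audit_ssh_perms /home/clientuid clientuid id_dsa
```

Any line reported as `MODE` or `OWNER` corresponds to one of the numbered steps above; apply the `chmod` command from that step to correct it.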
Historical Number
390880743
Document Information
Modified date:
18 December 2019
UID
nas8N1015378