Question & Answer
Question
In an LSF cluster system, our clients log into remote hosts via SSH passwordless authentication. When some users changed their home directory permission from 700 (rwx------) to 770 (rwxrwx---), SSH passwordless authentication stopped working, and SSH login kept requesting the user's password every time. Is this expected behavior? How can this issue be resolved or worked around?
Answer
This is expected behavior for SSH. It protects user keys by enforcing the "rwx------" permission setting on $HOME/.ssh and ensuring that only the owner has write permission to $HOME.
By default, SSH passwordless authentication works when the permissions of the user's $HOME are set to "rwx------", "rwxr-x---" or "rwxr-xr-x".
SSH passwordless authentication will fail if any variation of g+w or o+w exists on the $HOME directory.
As a workaround, the administrator can override the above behavior by setting StrictModes to "NO" in the sshd_config configuration file; however, this is not recommended.
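Rather than disabling StrictModes, an administrator can find the paths that trip the check and remove the extra write bits. The script below is an added example, not part of the original document and not sshd's own code; it approximates the check by testing for g+w or o+w on $HOME, $HOME/.ssh and $HOME/.ssh/authorized_keys, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: approximates the StrictModes permission test described above.
# It is not sshd's own code; function names are hypothetical.

# Return 0 if the path has neither the group-write nor the other-write bit set.
not_group_other_writable() {
    perms=$(ls -ld -- "$1" | cut -c1-10) || return 2
    g=$(printf '%s' "$perms" | cut -c6)   # group write position in "drwxrwxrwx"
    o=$(printf '%s' "$perms" | cut -c9)   # other write position
    [ "$g" != "w" ] && [ "$o" != "w" ]
}

# Check a home directory, its .ssh directory and authorized_keys file.
# Prints each offending path with its mode string; returns 1 if any was found.
audit_ssh_home() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue           # skip paths that do not exist
        if ! not_group_other_writable "$p"; then
            echo "group/other writable: $p ($(ls -ld -- "$p" | cut -c1-10))"
            bad=1
        fi
    done
    return "$bad"
}

# Usage (run as the affected user, or pass that user's home directory):
#   audit_ssh_home "$HOME" || echo "remove the bits with: chmod g-w,o-w <path>"
```

A home directory set to 770 is reported, while 700, 750 and 755 pass, matching the modes listed above.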
Document Information
Modified date:
17 June 2018
UID
isg3T1027838