IBM Support

User's home directory permission setting causes SSH passwordless authentication failure.

Question & Answer


Question

In an LSF cluster, our clients log into remote hosts via SSH passwordless authentication. When some users changed their home directory permissions from 700 (rwx------) to 770 (rwxrwx---), SSH passwordless authentication stopped working, and SSH login kept requesting the user's password every time. Is this expected behavior? How can we resolve or work around this issue?

Answer


This is expected behavior for SSH. It protects user keys by enforcing the "rwx------" permission setting on $HOME/.ssh and ensuring that only the owner has write permission to $HOME.

By default, SSH passwordless authentication works when the permissions on the user's $HOME are set to "rwx------", "rwxr-x---" or "rwxr-xr-x".

SSH passwordless authentication will fail if any variation of g+w or o+w is set on the $HOME directory.

As a workaround, the administrator can override the above behavior by setting StrictModes to "NO" in the sshd_config configuration file; however, this is not recommended.
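
Rather than disabling StrictModes, the offending bits can be found and removed per user. The script below is an added example, not IBM's or OpenSSH's code: the function names are hypothetical, and it assumes keys are stored in `$HOME/.ssh/authorized_keys`. It goes slightly beyond the text by applying the same g+w / o+w test to `.ssh` and `authorized_keys` as well as to `$HOME`; file ownership is not checked.

```shell
#!/bin/sh
# Added example: report group-write / other-write bits on the paths that
# sshd inspects when StrictModes is enabled (the default).
# Assumption: public keys are in $HOME/.ssh/authorized_keys.

# Return 0 if the path has neither g+w nor o+w set, 1 if it has,
# 2 if the path cannot be read. -L follows symlinks to the real target.
no_group_other_write() {
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 2
    gw=$(printf '%s' "$perms" | cut -c6)   # group write position
    ow=$(printf '%s' "$perms" | cut -c9)   # other write position
    [ "$gw" != "w" ] && [ "$ow" != "w" ]
}

# Audit one home directory. Prints a line per path and returns 0 only
# when every existing path is free of g+w and o+w.
audit_ssh_home() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "SKIP  $p (missing)"
            continue
        fi
        if no_group_other_write "$p"; then
            echo "OK    $p"
        else
            echo "FAIL  $p ($(ls -ldL -- "$p" | cut -c1-10)) fix: chmod go-w"
            rc=1
        fi
    done
    return $rc
}

# Audit the directory given as the first argument, or the caller's $HOME.
audit_ssh_home "${1:-${HOME:-.}}" ||
    echo "g+w or o+w present: sshd will ignore the key and ask for a password"
```

Run it as the affected user, or pass a home directory path as the first argument when auditing as root.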


Document Information

Modified date:
17 June 2018

UID

isg3T1027838