Thursday, November 22, 2018

sshd[22107]: SSH Authentication Refused: Bad Ownership or Modes for Directory

Hello everyone,

Let's discuss how to troubleshoot the following error when trying to log in remotely using passwordless SSH:
"sshd[22107]: Authentication refused: bad ownership or modes for directory"

A user from the development team was trying to run a Perl script, and while executing it he got "permission denied" and was prompted for a password (in a passwordless authentication environment).

When the user executed the Perl script, he got the following message:

please authenticate for oracle|Authenticated with partial success|Permission denied (keyboard-interactive,password

So I decided to check the /var/log/authlog file for any clue. After checking the file, I found the following line in authlog:

sshd[20856]: Authentication refused: bad ownership or modes for directory /home/oracle

This line indicates that the ownership or mode on the home directory is not set correctly. When I checked, I found that the ownership was correct but the permissions on the home directory were not. The "/home/oracle" directory was group-writable, and this was causing the error "sshd[22107]: Authentication refused: bad ownership or modes for directory".

Here are the steps I performed to correct this error:

# chmod g-w /home/oracle

# ls -ld /home/oracle

Linux: /home/oracle# ls -ld /home/oracle

drwxr-x--- 2 oracle dba 4096 Nov  3  2017 /home/oracle

So the important point here is that the home directory must not be group-writable.

After removing write permission from the group, the development user was able to execute the Perl script successfully and to do a passwordless login.

Some other prerequisites for a passwordless SSH configuration are listed below:

1. User home directory: permission 755 and correct ownership
2. .ssh: permission 700 and correct ownership
3. authorized_keys: permission 600 and correct ownership
4. Correct public key at both source and destination server
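
The checks above can be run in one pass before a user reports a failed login. The script below is an added example, not part of the original troubleshooting session: check_path and check_ssh_perms are hypothetical helper names, and the rule it applies (no group or world write bit, owner is the user or root) is an approximation of what sshd enforces when it logs "bad ownership or modes".

```shell
#!/bin/sh
# Added example: audit home, .ssh and authorized_keys for the condition that
# produced "Authentication refused: bad ownership or modes for directory".
# Helper names are hypothetical; this is not an OpenSSH tool.

# check_path PATH EXPECTED_UID
# Prints one finding per problem; returns 1 if PATH is unsafe or missing.
check_path() {
    path=$1; want_uid=$2; rc=0
    [ -e "$path" ] || { echo "MISSING         $path"; return 1; }
    # POSIX "ls -ldn": field 1 is the mode string, field 3 the numeric owner.
    mode=$(ls -ldn "$path" | awk 'NR==1 {print $1}')
    owner=$(ls -ldn "$path" | awk 'NR==1 {print $3}')
    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*) echo "GROUP-WRITABLE  $mode $path"; rc=1 ;;
    esac
    case $mode in
        ????????w*) echo "WORLD-WRITABLE  $mode $path"; rc=1 ;;
    esac
    # Owner must be the login user or root (uid 0).
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "WRONG-OWNER     uid=$owner (expected $want_uid) $path"; rc=1
    fi
    return $rc
}

# check_ssh_perms HOME_DIR EXPECTED_UID
# Walks the three paths from the prerequisite list; returns 1 on any finding.
check_ssh_perms() {
    home=$1; login_uid=$2; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$login_uid" || bad=1
    done
    return $bad
}

# Stand-alone use: sh check.sh /home/oracle "$(id -u oracle)"
if [ $# -eq 2 ]; then
    check_ssh_perms "$1" "$2" && echo "OK: no ownership or mode problems found"
fi
```

A group-writable home directory such as the /home/oracle case above is reported as GROUP-WRITABLE, and the fix is the same chmod g-w shown earlier.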

Thanks !!!!!!!!!!!




