[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Guix binary tarball

From: Taylan Ulrich Bayırlı/Kammer
Subject: Re: Guix binary tarball
Date: Fri, 15 May 2015 21:45:45 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Andreas Enge <address@hidden> writes:

>> > As a consequence, we could not ssh into the machine any more
>> > (!).
>> I don’t see how this could happen.
> Try "chown 30000.30001 $HOME". Then ssh into the machine asks for the
> passphrase instead of using the public-private key pair.

I believe this is because OpenSSH, being highly pedantic (I suppose
rightfully so), will refuse to acknowledge ~/.ssh/authorized_keys when
its owner or permissions are wrong.  (Or even merely the permissions on

Additionally, it's a best-practice to disable password-authentication
for the root account in sshd_config (Debian 8 proposes it at least) to
prevent the chance of successful brute-force/dictionary attacks.

Together that would mean no root SSH access to the machine at all.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]