Authentication refused: bad ownership or modes for directory /opt/plcnext
[code type="markup"]
Authentication refused: bad ownership or modes for directory /opt/plcnext
[/code]
I get this line in [b]/var/log/auth.log[/b] when I try to log in with publickey as user [b]admin[/b] on a PLCnext controller.
Login with publickey as user [b]root[/b] works flawlessly.
My understanding is that sshd will not accept public keys if the permissions on the key folder / file are too liberal.
[code type="markup"]
root@axcf2152:~# ls -al /opt/
total 18
drwxrwxr-x 1 admin plcnext 4096 Jan 17 2019 .
drwxr-xr-x 1 root root 4096 Jan 17 2019 ..
drwxr-xr-x 3 root root 1024 Mar 9 2018 cifx
-rw------- 1 root root 143 Jan 17 2019 fibo.ini
drwxrwxr-x 1 admin plcnext 4096 May 9 12:09 plcnext
drwxr-xr-x 4 root root 1024 Mar 9 2018 system
[/code]
Note the liberal permissions on [b]/opt/plcnext[/b], which is the home directory of [b]admin[/b].
Is that a known issue? I am fairly sure that those permissions are the default ones.
For reference, a more complete excerpt of [b]/var/log/auth.log[/b] showing successful root login and failed admin login:
[code type="markup"]
May 12 23:29:24 axcf2152 sshd[8605]: Accepted publickey for root from 100.119.102.104 port 64412 ssh2: RSA SHA256:hYW5CVQMVmyxsvW5Wi2gJJU5cGDSWqX/uzRwzGuxD40
May 12 23:29:24 axcf2152 sshd[8605]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 12 23:29:59 axcf2152 sshd[8611]: Authentication refused: bad ownership or modes for directory /opt/plcnext
May 12 23:30:07 axcf2152 sshd[8611]: Accepted password for admin from 100.119.102.104 port 64420 ssh2
May 12 23:30:07 axcf2152 sshd[8611]: pam_unix(sshd:session): session opened for user admin by (uid=0)
[/code]
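Added example (not part of the original post, and not OpenSSH's own code): a simplified Python model of the ownership and mode check that sshd performs when StrictModes is enabled, run against a constructed temporary tree that mirrors the 0775 home directory in the listing above. The function names and the temporary directory layout are assumptions of this sketch.

```python
import os
import stat
import tempfile


def strict_modes_problems(keyfile, home, uid):
    """Audit a key file against a simplified model of sshd's StrictModes check.

    Model: the key file and every directory from it up to the home
    directory must be owned by root or the user and must not be
    group- or world-writable. sshd stops at the first failure; this
    audit collects all of them.
    """
    problems = []
    path, home = os.path.realpath(keyfile), os.path.realpath(home)
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path} is not a regular file")
    if st.st_uid not in (0, uid) or st.st_mode & 0o022:
        problems.append(f"bad ownership or modes for file {path}")
    # Walk upward from the key file until the home directory has been checked.
    while path != home and os.path.dirname(path) != path:
        path = os.path.dirname(path)
        st = os.stat(path)
        if st.st_uid not in (0, uid) or st.st_mode & 0o022:
            problems.append(f"bad ownership or modes for directory {path}")
    return problems


def demo():
    """Constructed tree: home 0775 (as in the listing), .ssh 0700, key file 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "plcnext")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keyfile = os.path.join(ssh_dir, "authorized_keys")
        open(keyfile, "w").close()
        os.chmod(keyfile, 0o600)
        os.chmod(ssh_dir, 0o700)
        os.chmod(home, 0o775)  # group-writable home, like drwxrwxr-x above
        before = strict_modes_problems(keyfile, home, os.getuid())
        os.chmod(home, 0o755)  # group write removed
        after = strict_modes_problems(keyfile, home, os.getuid())
        return before, after


if __name__ == "__main__":
    print(demo())
```

On a real system the same function can be pointed at the account's actual authorized_keys path, home directory and numeric uid to see which path component sshd would reject.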
Comments
https://www.plcnext-community.net/en/hn-makers-blog/376-automate-your-development-workflow-with-visual-studio-code.html
... the "SSH key based authentication" section describes something similar to what you are seeing, I think.
It holds the solution to my problem and validated my suspicion about the home directory.
Quote of the relevant fix for reference: