From: taylanbayirli@gmail.com (Taylan Ulrich Bayırlı/Kammer)
To: Andreas Enge <andreas@enge.fr>
Cc: guix-devel@gnu.org
Subject: Re: Guix binary tarball
Date: Fri, 15 May 2015 21:45:45 +0200 [thread overview]
Message-ID: <87twvdpqty.fsf@T420.taylan> (raw)
In-Reply-To: <20150515173748.GA15397@debian> (Andreas Enge's message of "Fri, 15 May 2015 19:37:48 +0200")
Andreas Enge <andreas@enge.fr> writes:
>> > As a consequence, we could not ssh into the machine any more
>> > (!).
>> I don’t see how this could happen.
>
> Try "chown 30000.30001 $HOME". Then ssh into the machine asks for the
> passphrase instead of using the public-private key pair.
I believe this is because OpenSSH, being highly pedantic (I suppose
rightfully so), will refuse to acknowledge ~/.ssh/authorized_keys when
its owner or permissions are wrong. (Or even merely the permissions on
$HOME?)
Additionally, it's a best-practice to disable password-authentication
for the root account in sshd_config (Debian 8 proposes it at least) to
prevent the chance of successful brute-force/dictionary attacks.
Together that would mean no root SSH access to the machine at all.
Taylan
next prev parent reply other threads:[~2015-05-15 19:45 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-15 16:46 Guix binary tarball Andreas Enge
2015-05-15 17:14 ` Ludovic Courtès
2015-05-15 17:37 ` Andreas Enge
2015-05-15 19:45 ` Taylan Ulrich Bayırlı/Kammer [this message]
2015-05-16 18:55 ` Ludovic Courtès
2015-05-16 2:53 ` Mark H Weaver
2015-05-17 21:34 ` Ludovic Courtès
2015-05-16 6:47 ` Andreas Enge
2015-05-16 18:57 ` Ludovic Courtès
2015-05-17 22:15 ` Ludovic Courtès
2015-05-17 22:45 ` Ludovic Courtès
2015-05-18 11:34 ` Andreas Enge
2015-05-18 19:38 ` Ludovic Courtès
2015-05-19 23:03 ` Mark H Weaver
2015-05-20 8:10 ` Andreas Enge
2015-05-20 10:19 ` Ludovic Courtès
2015-05-20 19:12 ` Mark H Weaver
2015-05-21 8:16 ` Ludovic Courtès
2015-06-07 12:39 ` Thomas Schwinge
2015-06-07 13:16 ` /run/current-system (was: Guix binary tarball) Thomas Schwinge
2015-06-07 16:19 ` /run/current-system Ludovic Courtès
2015-06-07 16:14 ` Guix binary tarball Ludovic Courtès
2015-06-08 9:34 ` Alex Kost
2015-06-08 21:33 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87twvdpqty.fsf@T420.taylan \
--to=taylanbayirli@gmail.com \
--cc=andreas@enge.fr \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).