From mboxrd@z Thu Jan 1 00:00:00 1970 From: taylanbayirli@gmail.com (Taylan Ulrich =?utf-8?Q?Bay=C4=B1rl=C4=B1?= =?utf-8?Q?=2FKammer?=) Subject: Re: Guix binary tarball Date: Fri, 15 May 2015 21:45:45 +0200 Message-ID: <87twvdpqty.fsf@T420.taylan> References: <20150515164602.GA13539@debian> <87382xwyoz.fsf@gnu.org> <20150515173748.GA15397@debian> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44919) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YtLYL-00068s-LD for guix-devel@gnu.org; Fri, 15 May 2015 15:45:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YtLYK-0002pa-3j for guix-devel@gnu.org; Fri, 15 May 2015 15:45:49 -0400 In-Reply-To: <20150515173748.GA15397@debian> (Andreas Enge's message of "Fri, 15 May 2015 19:37:48 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Andreas Enge Cc: guix-devel@gnu.org Andreas Enge writes: >> > As a consequence, we could not ssh into the machine any more >> > (!). >> I don=E2=80=99t see how this could happen. > > Try "chown 30000.30001 $HOME". Then ssh into the machine asks for the > passphrase instead of using the public-private key pair. I believe this is because OpenSSH, being highly pedantic (I suppose rightfully so), will refuse to acknowledge ~/.ssh/authorized_keys when its owner or permissions are wrong. (Or even merely the permissions on $HOME?) Additionally, it's a best-practice to disable password-authentication for the root account in sshd_config (Debian 8 proposes it at least) to prevent the chance of successful brute-force/dictionary attacks. Together that would mean no root SSH access to the machine at all. Taylan