SSH Key

Aus Doc-Wiki
Version vom 25. April 2019, 07:44 Uhr von imported>Ubadm (Die Seite wurde neu angelegt: „__NOTOC__ == Status == Using a personal ssh-key (instead of a password) to login on any of our login systems is '''not possible'''. == Technical Background == T…“)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

Status

Using a personal ssh-key (instead of a password) to login on any of our login systems is not possible.


Technical Background

To allow a server process (sshd) to verify the key a user login-request is presenting it needs to be able to access ~/.ssh/authorized_keys. This file is located in $HOME.

On usual local systems this is no problem as root (and sshd in this early stage of the login process) has full access to a locally mounted file system /home and can read /home/userid/.ssh/authorized_keys without any problem.

For OpenAFS this is not the case. Without a Kerberos-Tickets and correctly configured access rights no access is granted. This is true for the super user root and any service-daemons also. No process has any rights to access any files stored in OpenAFS.


Workarounds / Solutions

  • NONE available


See also


Links