doski
Contributor
Contributor

Ssh problem after upgrade ESXi410-201201001.zip "/ must be owned by user or root, and not writable by others"

Dear All,

I have upgrade some ESX with the new release ESXi410-201201001.zip.

Now i can't connect to my esx without password promt with my rsa key.

In /var/log/messages i have this error when i'm trying to connect to my ESX from ubuntu server :

dropbear[29353]: / must be owned by user or root, and not writable by others.

The file /.ssh/authorized_keys is ok.

Someone can help me ?

thanks.

Tags (2)
0 Kudos
14 Replies
VTsukanov
Virtuoso
Virtuoso

ls -la  /.ssh/authorized_keys ?

0 Kudos
doski
Contributor
Contributor

result :

/.ssh # ls -la /.ssh/authorized_keys
-rw-r--r--    1 root     root                399 Mar  6 10:54 /.ssh/authorized_keys

0 Kudos
VTsukanov
Virtuoso
Virtuoso

chmod 600 /.ssh/authorized_keys

(+)

and check rights on directory .ssh it should be 700

0 Kudos
doski
Contributor
Contributor

It's done :

/.ssh # ls -la /.ssh/authorized_keys
-rw-------    1 root     root                399 Mar  6 10:54 /.ssh/authorized_keys

but I have the same error and i'm prompted for password :

Mar  6 13:28:07 dropbear[42243]: / must be owned by user or root, and not writable by others

0 Kudos
VTsukanov
Virtuoso
Virtuoso

What about .ssh directory?

ls -la /

(skip all except .ssh)

0 Kudos
doski
Contributor
Contributor

result :

drwxr-xr-x    1 root     root                512 Mar  6 10:11 .ssh

0 Kudos
VTsukanov
Virtuoso
Virtuoso

chmod 700 .ssh

0 Kudos
doski
Contributor
Contributor

same problem :

drwx------    1 root     root                512 Mar  6 10:11 .ssh

I have other ESX and it's works fine with the same permission. I have only this problem on two ESX after upgrade.

0 Kudos
VTsukanov
Virtuoso
Virtuoso

try restart sshd service (on esxi5 this command "/etc/init.d/SSH restart", but on esxi4.1 ? may be "/etc/init.d/TSM-SSH restart"  )

0 Kudos
doski
Contributor
Contributor

thanks but it's the same Smiley Sad :

/etc # /etc/init.d/TSM-SSH restart
Stopping tech support mode ssh server
Starting tech support mode ssh server.

0 Kudos
VTsukanov
Virtuoso
Virtuoso

Do you use the root user or other user for ssh connection (from ubuntu)?

0 Kudos
doski
Contributor
Contributor

i'm using root user.

on other ESX (without upgrade) it's works :

Mar  6 11:21:09 dropbear[26203921]: Child connection from 172.16.207.55:48458
Mar  6 11:21:09 dropbear[26203921]: pubkey auth succeeded for 'root' with key md5 c3:fd:37:2c:1d:84:99:79:14:55:74:3f:04:2a:bf:b9 from 172.16.207.55:48458

0 Kudos
VTsukanov
Virtuoso
Virtuoso

Can you restart esxi completely?

By sshd design rights on authorized_keys and .ssh directory should are restricted

Why it works for you on unpatched esxi i don't know

0 Kudos
doski
Contributor
Contributor

I don't know why but after reboot and after copy the .ssh folder to the ESX, it's works (for the two ESX without any modifications).

Thanks you for your help Valeriy.

0 Kudos