Dear All,
I have upgrade some ESX with the new release ESXi410-201201001.zip.
Now i can't connect to my esx without password promt with my rsa key.
In /var/log/messages i have this error when i'm trying to connect to my ESX from ubuntu server :
dropbear[29353]: / must be owned by user or root, and not writable by others.
The file /.ssh/authorized_keys is ok.
Someone can help me ?
thanks.
ls -la /.ssh/authorized_keys ?
result :
/.ssh # ls -la /.ssh/authorized_keys
-rw-r--r-- 1 root root 399 Mar 6 10:54 /.ssh/authorized_keys
chmod 600 /.ssh/authorized_keys
(+)
and check rights on directory .ssh it should be 700
It's done :
/.ssh # ls -la /.ssh/authorized_keys
-rw------- 1 root root 399 Mar 6 10:54 /.ssh/authorized_keys
but I have the same error and i'm prompted for password :
Mar 6 13:28:07 dropbear[42243]: / must be owned by user or root, and not writable by others
What about .ssh directory?
ls -la /
(skip all except .ssh)
result :
drwxr-xr-x 1 root root 512 Mar 6 10:11 .ssh
chmod 700 .ssh
same problem :
drwx------ 1 root root 512 Mar 6 10:11 .ssh
I have other ESX and it's works fine with the same permission. I have only this problem on two ESX after upgrade.
try restart sshd service (on esxi5 this command "/etc/init.d/SSH restart", but on esxi4.1 ? may be "/etc/init.d/TSM-SSH restart" )
thanks but it's the same :
/etc # /etc/init.d/TSM-SSH restart
Stopping tech support mode ssh server
Starting tech support mode ssh server.
Do you use the root user or other user for ssh connection (from ubuntu)?
i'm using root user.
on other ESX (without upgrade) it's works :
Mar 6 11:21:09 dropbear[26203921]: Child connection from 172.16.207.55:48458
Mar 6 11:21:09 dropbear[26203921]: pubkey auth succeeded for 'root' with key md5 c3:fd:37:2c:1d:84:99:79:14:55:74:3f:04:2a:bf:b9 from 172.16.207.55:48458
Can you restart esxi completely?
By sshd design rights on authorized_keys and .ssh directory should are restricted
Why it works for you on unpatched esxi i don't know
I don't know why but after reboot and after copy the .ssh folder to the ESX, it's works (for the two ESX without any modifications).
Thanks you for your help Valeriy.