Eu configurei um cliente (rinaldo) com ipa-client-install e quando eu ssh nele, ele diz Could not chdir to home directory /home/zaira/smith: Permission denied
e eu acabo no diretório /
.
$ ssh -v rinaldo
OpenSSH_6.9p1, OpenSSL 1.0.1k-fips 8 Jan 2015
debug1: Reading configuration data /home/zaira/smith/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 rinaldo
debug1: permanently_drop_suid: 1010
debug1: identity file /home/zaira/smith/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_rsa-cert type -1
debug1: identity file /home/zaira/smith/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9
debug1: match: OpenSSH_6.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to rinaldo:22 as 'smith'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: kex: [email protected] need=64 dh_need=64
debug1: kex: [email protected] need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:ExXrqaZXfg/AUwaEu7FJ33hhh8j6RW8Tp9Qe3vQcAiE
DNS lookup error: name does not exist
debug1: Host 'rinaldo' is known and matches the RSA host key.
debug1: Found key in /var/lib/sss/pubconf/known_hosts:2
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Decrypt integrity check failed
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/zaira/smith/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Authentication succeeded (publickey).
Authenticated to rinaldo (via proxy).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=kinput2
debug1: Sending env LANG = en_US.utf8
Last login: Fri Sep 18 08:31:55 2015 from 10.0.21.200
Could not chdir to home directory /home/zaira/smith: Permission denied
/usr/bin/xauth: timeout in locking authority file /home/zaira/smith/.Xauthority
-bash: /home/zaira/smith/.bash_profile: Permission denied
-bash-4.3$ pwd
/
do arquivo /var/log/secure
:
Sep 18 08:43:30 rinaldo sshd[9130]: Accepted publickey for smith from 10.0.21.200 port 43475 ssh2: DSA SHA256:2N4kjqgS6iIHO/p/4rpErAZcKtXRY5ilQhGo6ZdEe2aQ
Sep 18 08:43:30 rinaldo systemd: pam_unix(systemd-user:session): session opened for user smith by (uid=0)
Sep 18 08:43:30 rinaldo sshd[9130]: pam_unix(sshd:session): session opened for user smith by (uid=0)
Quando eu ssh em rinaldo, eu vejo isso:
debug1: Unspecified GSS failure. Minor code may provide more information
Decrypt integrity check failed
O que pode fazer com que esta mensagem apareça?
Eu não vejo quando entro em outro cliente (ernani):
$ ssh -v ernani
OpenSSH_6.9p1, OpenSSL 1.0.1k-fips 8 Jan 2015
debug1: Reading configuration data /home/zaira/smith/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 ernani
debug1: permanently_drop_suid: 1010
debug1: identity file /home/zaira/smith/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_rsa-cert type -1
debug1: identity file /home/zaira/smith/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zaira/smith/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9
debug1: match: OpenSSH_6.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ernani:22 as 'smith'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: kex: [email protected] need=64 dh_need=64
debug1: kex: [email protected] need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:gT/ePibtXA9wWiBBzXLNPNrh5lPNjFV45cnY5oDwcW0
DNS lookup error: name does not exist
debug1: Host 'ernani' is known and matches the RSA host key.
debug1: Found key in /var/lib/sss/pubconf/known_hosts:10
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/zaira/smith/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Authentication succeeded (publickey).
Authenticated to ernani (via proxy).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=kinput2
debug1: Sending env LANG = en_US.utf8
Last login: Thu Sep 17 18:19:37 2015 from 10.0.21.201
smith@ernani $
UPDATE 1
Eu tenho o seguinte no meu /etc/fstab
:
zaira2:/home/zaira /home/zaira nfs4 defaults,auto,sec=krb5i,rw,proto=tcp,port=2049 0 0
e uma vez /home/zaira
é montado,
-bash-4.3$ ll /home/
ls: cannot access /home/zaira: Permission denied
total 0
d????????? ? ? ? ? ? zaira
Então, é claro, impossível chdir para o diretório inicial.
Tags nfs