Resolved - server drops key recognition

[zuser]

I have CentOS 7 running as a server on home network. The server is used primarily for file storage and an ownCloud service.
Trying to setup ssh keys so I can run rsync without password to do nightly backups from desktop.

Problem is that server fails to accept key recognition after a brief period of time.
I generated keys, setup on client and server and changed permissions as:

Code: Select all

chmod 0744 ~/
chmod 0700 ~/.ssh
chmod 0644 ~/.ssh/authorized_keys

If I immediately return to client, I can ssh to server and/or run scripts to rsync via ssh w/o password but after a few minutes, additional attempts to ssh to server result in request for password.

I can ssh to server with pw, run chmod commands again and will again have access for a few minutes w/o pw request.
Then server refuses to accept keys and cycle starts all over.

/var/log/secure shows this message:
"Authentication refused: bad ownership or modes for directory /home/..."

I have googled and found lots of issues with setting up keys but not this particular one.
Also find several different stated requirements for file permissions but those shown above seem to be most common.

Any help are references to a resolution will be appreciated.

[gerald_clark]

Why would you have to run chmod again?
Are your permissions changing?
What kind of filesystem are these directories on?
Have you been hacked?

[TrevorH]

"Authentication refused: bad ownership or modes for directory /home/..."

Is that literally what it says or is "..." some set of characters? Your home directory should be chmod 700, not 744.

[zuser]

Why would you have to run chmod again? That was my question. Only know that after failure to connect, I can ssh w/pw, do "chmod 700" again and client can again connect w/o pw.
Are your permissions changing? "ls -l" shows no changes
What kind of filesystem are these directories on? ext4
Have you been hacked?

I don't think so. I actually have 2 different servers experiencing same issue. Other is an older 32 bit box running CentOS 6.6


Additionally: running an rsync script to backup via ssh seem to "kill" the connection immediately.

As I am not overly familiar using ssh or rsync, am thinking it may be an issue in config or rsync options.

[zuser]

"Authentication refused: bad ownership or modes for directory /home/..."

Is that literally what it says or is "..." some set of characters? Your home directory should be chmod 700, not 744.

Yes, copied from the log.

FWIW: changed to chmod 700 but makes no difference.

[TrevorH]

Post the output of (after amending youruser to the correct username)

Code: Select all

ls -ldZ /home /home/youruser /home/youruser/.ssh

[zuser]

Post the output of (after amending youruser to the correct username)

Code: Select all

ls -ldZ /home /home/youruser /home/youruser/.ssh

As follows:

[wlz@snowman ~]$ ls -ldZ /home /home/wlz /home/wlz/.ssh
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
drwxr--r--. wlz wlz unconfined_u:object_r:user_home_dir_t:s0 /home/wlz
drwx------ wlz wlz ? /home/wlz/.ssh

[TrevorH]

What is the output of getenforce

[stevemowbray]

If I immediately return to client, I can ssh to server and/or run scripts to rsync via ssh w/o password but after a few minutes, additional attempts to ssh to server result in request for password.

What exactly are you rsyncing? Maybe that's what's changing the permissions, if you are rsyncing to the home directory?

[zuser]

What is the output of getenforce

Disabled