# passwordless ssh not working

## Krog

Hi, I'm playing with a new single-board computer (Banana Pro) and I want to share ssh keys with my main computer.

On both machines I have the same user called "krog" with different passwords.

On the Banana Pro I did:

```
ssh-keygen -t rsa
```

Then I copied the public key from .ssh/id_rsa.pub of the Banana Pro to .ssh/authorized_keys of the main computer.

I did the opposite operations.

Now I can ssh to the banana and the password is not asked, but from the banana to my main PC the password is still asked!

OpenSSH was built with these USE flags:

```
[ebuild   R    ] net-misc/openssh-7.3_p1-r7::gentoo  USE="X hpn kerberos ldap pam pie ssl -X509 -bindist -debug -ldns -libedit (-libressl) -livecd -sctp (-selinux) -skey -ssh1 -static {-test}" 0 KiB
```

The file /etc/ssh/ssh_config on both machines is exactly the same (excluding comments):

```
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
```

What am I missing?

----------

## Hu

Does the server permit key-based authentication?  Are the key files configured such that the server's rules will allow you to use them?  OpenSSH has some built-in restrictions to prevent you from using certain very insecure configurations, such as world writable authorized_keys or world readable private keys.  You can check some aspects of this by running `ssh -vvv server` to get very very verbose output from ssh.  If you still need help, please post the output of `ls -al ~/.ssh/` from both machines, `cat -n ~/.ssh/config` on the client, and `cat -n /etc/ssh/sshd_config` on the server.

----------

## Krog

ssh with password works both ways.

ssh from banana to krogpc (the one not working with the key):

```
krog@krogbanana:~$ ssh -vvv 192.168.1.230

OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 19: Applying options for *

debug2: ssh_connect: needpriv 0

debug1: Connecting to 192.168.1.230 [192.168.1.230] port 22.

debug1: Connection established.

debug1: identity file /home/krog/.ssh/id_rsa type 1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_rsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_dsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_dsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_ecdsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_ecdsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_ed25519 type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_ed25519-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3p1-hpn14v11

debug1: match: OpenSSH_7.3p1-hpn14v11 pat OpenSSH* compat 0x04000000

debug2: fd 3 setting O_NONBLOCK

debug3: load_hostkeys: loading entries for host "192.168.1.230" from file "/home/krog/.ssh/known_hosts"

debug3: load_hostkeys: found key type ED25519 in file /home/krog/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys

debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519

debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr

debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr

debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: mac_setup: setup umac-128-etm@openssh.com

debug1: kex: server->client aes128-ctr umac-128-etm@openssh.com none

debug2: mac_setup: setup umac-128-etm@openssh.com

debug1: kex: client->server aes128-ctr umac-128-etm@openssh.com none

debug1: sending SSH2_MSG_KEX_ECDH_INIT

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: Server host key: ED25519 c4:2c:b7:10:0f:66:02:23:d5:f0:f0:07:fe:94:7f:f1

debug3: load_hostkeys: loading entries for host "192.168.1.230" from file "/home/krog/.ssh/known_hosts"

debug3: load_hostkeys: found key type ED25519 in file /home/krog/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys

debug1: Host '192.168.1.230' is known and matches the ED25519 host key.

debug1: Found key in /home/krog/.ssh/known_hosts:1

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/krog/.ssh/id_rsa (0xb763f9f0),

debug2: key: /home/krog/.ssh/id_dsa ((nil)),

debug2: key: /home/krog/.ssh/id_ecdsa ((nil)),

debug2: key: /home/krog/.ssh/id_ed25519 ((nil)),

debug1: Authentications that can continue: publickey,password

debug3: start over, passed a different list publickey,password

debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering RSA public key: /home/krog/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug1: Trying private key: /home/krog/.ssh/id_dsa

debug3: no such identity: /home/krog/.ssh/id_dsa: No such file or directory

debug1: Trying private key: /home/krog/.ssh/id_ecdsa

debug3: no such identity: /home/krog/.ssh/id_ecdsa: No such file or directory

debug1: Trying private key: /home/krog/.ssh/id_ed25519

debug3: no such identity: /home/krog/.ssh/id_ed25519: No such file or directory

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

krog@192.168.1.230's password: 

```

ssh from krogpc to banana (the one working with key):

```
krog@KROGPC-SKYLAKE ~ % ssh -vvv 192.168.1.82

OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2k  26 Jan 2017

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 20: Applying options for *

debug2: resolving "192.168.1.82" port 22

debug2: ssh_connect_direct: needpriv 0

debug1: Connecting to 192.168.1.82 [192.168.1.82] port 22.

debug1: Connection established.

debug1: identity file /home/krog/.ssh/id_rsa type 1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_rsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_dsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_dsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_ecdsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_ecdsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_ed25519 type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/krog/.ssh/id_ed25519-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_7.3p1-hpn14v11

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3

debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000

debug1: Remote is NON-HPN aware

debug2: fd 3 setting O_NONBLOCK

debug1: Authenticating to 192.168.1.82:22 as 'krog'

debug3: hostkeys_foreach: reading file "/home/krog/.ssh/known_hosts"

debug3: record_hostkey: found key type ED25519 in file /home/krog/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys from 192.168.1.82

debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug1: AUTH STATE IS 0

debug2: local client KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c

debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com,zlib

debug2: compression stoc: none,zlib@openssh.com,zlib

debug2: languages ctos: 

debug2: languages stoc: 

debug2: first_kex_follows 0 

debug2: reserved 0 

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

debug2: host key algorithms: ssh-rsa,ssh-ed25519

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr

debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

debug2: compression ctos: none,zlib@openssh.com

debug2: compression stoc: none,zlib@openssh.com

debug2: languages ctos: 

debug2: languages stoc: 

debug2: first_kex_follows 0 

debug2: reserved 0 

debug1: kex: algorithm: curve25519-sha256@libssh.org

debug1: kex: host key algorithm: ssh-ed25519

debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ssh-ed25519 SHA256:blabla

debug3: hostkeys_foreach: reading file "/home/krog/.ssh/known_hosts"

debug3: record_hostkey: found key type ED25519 in file /home/krog/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys from 192.168.1.82

debug1: Host '192.168.1.82' is known and matches the ED25519 host key.

debug1: Found key in /home/krog/.ssh/known_hosts:1

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey after 134217728 blocks

debug2: key: /home/krog/.ssh/id_rsa (0x56237960e3c0)

debug2: key: /home/krog/.ssh/id_dsa ((nil))

debug2: key: /home/krog/.ssh/id_ecdsa ((nil))

debug2: key: /home/krog/.ssh/id_ed25519 ((nil))

debug3: send packet: type 5

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password

debug3: start over, passed a different list publickey,password

debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering RSA public key: /home/krog/.ssh/id_rsa

debug3: send_pubkey_test

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 60

debug1: Server accepts key: pkalg ssh-rsa blen 279

debug2: input_userauth_pk_ok: fp SHA256:blabla

debug3: sign_and_send_pubkey: RSA SHA256:blabla

debug3: send packet: type 50

debug3: receive packet: type 52

debug1: Authentication succeeded (publickey).

Authenticated to 192.168.1.82 ([192.168.1.82]:22).

debug1: HPN to Non-HPN Connection

debug1: Final hpn_buffer_size = 2097152

debug1: HPN Disabled: 0, HPN Buffer Size: 2097152

debug1: channel 0: new [client-session]

debug1: Enabled Dynamic Window Scaling

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug3: send packet: type 90

debug1: Requesting no-more-sessions@openssh.com

debug3: send packet: type 80

debug1: Entering interactive session.

debug1: pledge: network

debug3: receive packet: type 91

debug2: callback start

debug2: fd 3 setting TCP_NODELAY/SCTP_NODELAY

debug3: ssh_packet_set_tos: set IP_TOS 0x10

debug2: client_session2_setup: id 0

debug2: channel 0: request pty-req confirm 1

debug3: send packet: type 98

debug1: Sending environment.

debug3: Ignored env WINDOWID

debug3: Ignored env GTK2_RC_FILES

debug3: Ignored env XDG_RUNTIME_DIR

debug3: Ignored env QT_PLUGIN_PATH

debug3: Ignored env MAIL

debug3: Ignored env XDG_SESSION_DESKTOP

debug3: Ignored env MANPAGER

debug3: Ignored env LESSOPEN

debug3: Ignored env GUILE_LOAD_PATH

debug3: Ignored env GSETTINGS_BACKEND

debug3: Ignored env GTK_RC_FILES

debug3: Ignored env CONFIG_PROTECT

debug3: Ignored env UNCACHED_ERR_FD

debug3: Ignored env XDG_SEAT

debug3: Ignored env DISTCC_FALLBACK

debug3: Ignored env LOGNAME

debug3: Ignored env DISPLAY

debug3: Ignored env COLORFGBG

debug3: Ignored env PROFILEHOME

debug3: Ignored env LESS

debug3: Ignored env XDG_CURRENT_DESKTOP

debug3: Ignored env MANPATH

debug3: Ignored env XAUTHORITY

debug3: Ignored env JAVA_HOME

debug3: Ignored env VBOX_APP_HOME

debug3: Ignored env KONSOLE_DBUS_WINDOW

debug3: Ignored env DCC_EMAILLOG_WHOM_TO_BLAME

debug3: Ignored env KONSOLE_DBUS_SESSION

debug3: Ignored env KONSOLE_DBUS_SERVICE

debug1: Sending env LANG = it_IT.UTF-8

debug2: channel 0: request env confirm 0

debug3: send packet: type 98

debug3: Ignored env XDG_SESSION_TYPE

debug3: Ignored env KDE_FULL_SESSION

debug3: Ignored env XDG_VTNR

debug3: Ignored env PWD

debug3: Ignored env SESSION_MANAGER

debug3: Ignored env KDE_SESSION_VERSION

debug3: Ignored env QT_GRAPHICSSYSTEM

debug3: Ignored env DBUS_SESSION_BUS_ADDRESS

debug3: Ignored env GS_LIB

debug3: Ignored env USER

debug3: Ignored env SHLVL

debug3: Ignored env XCURSOR_SIZE

debug3: Ignored env JAVAC

debug3: Ignored env XDG_DATA_DIRS

debug3: Ignored env PAGER

debug3: Ignored env GTK_MODULES

debug3: Ignored env DISTCC_SAVE_TEMPS

debug3: Ignored env DESKTOP_SESSION

debug3: Ignored env SHELL_SESSION_ID

debug3: Ignored env XDG_SESSION_COOKIE

debug3: Ignored env SSH_ASKPASS

debug3: Ignored env XDG_SESSION_PATH

debug3: Ignored env DISTCC_VERBOSE

debug3: Ignored env KDE_MULTIHEAD

debug3: Ignored env JDK_HOME

debug3: Ignored env PAM_KWALLET5_LOGIN

debug3: Ignored env PATH

debug3: Ignored env OPENCL_PROFILE

debug3: Ignored env LANGUAGE

debug3: Ignored env DISTCC_TCP_CORK

debug3: Ignored env TERM

debug3: Ignored env DISTCC_ENABLE_DISCREPANCY_EMAIL

debug3: Ignored env MULTIOSDIRS

debug3: Ignored env QT_AUTO_SCREEN_SCALE_FACTOR

debug3: Ignored env XCURSOR_THEME

debug3: Ignored env CONFIG_PROTECT_MASK

debug3: Ignored env ANT_HOME

debug3: Ignored env OPENGL_PROFILE

debug3: Ignored env SHELL

debug3: Ignored env KONSOLE_PROFILE_NAME

debug3: Ignored env EDITOR

debug3: Ignored env DISTCC_SSH

debug3: Ignored env XDG_CONFIG_DIRS

debug3: Ignored env _

debug3: Ignored env KDE_SESSION_UID

debug3: Ignored env GCC_SPECS

debug3: Ignored env XDG_SESSION_CLASS

debug3: Ignored env HOME

debug3: Ignored env XDG_SEAT_PATH

debug3: Ignored env PAM_KWALLET_LOGIN

debug3: Ignored env INFOPATH

debug3: Ignored env OLDPWD

debug3: Ignored env LS_COLORS

debug2: channel 0: request shell confirm 1

debug3: send packet: type 98

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

debug3: receive packet: type 99

debug2: channel_input_status_confirm: type 99 id 0

debug2: PTY allocation request accepted on channel 0

debug2: channel 0: rcvd adjust 2097152

debug3: receive packet: type 99

debug2: channel_input_status_confirm: type 99 id 0

debug2: shell request accepted on channel 0

debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

Linux krogbanana 3.4.113-bananian #8 SMP PREEMPT Sat Nov 26 00:48:28 UTC 2016 armv7l

debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

------------------------------------------------------------------------ 

Welcome to Bananian Linux!

For news and updates check: https://www.bananian.orgdebug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

Any questions? Read the FAQ first: https://www.bananian.org/faq

Run 'bananian-config' to set up Bananian Linuxdebug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

Run 'bananian-update' to check for distribution updates

------------------------------------------------------------------------

Last login: Mon Jan 30 08:29:40 2017 from 192.168.1.230

debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

krog@krogbanana:~$ debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

^Cdebug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3

krog@krogbanana:~$ debug2: tcpwinsz: 367360 for connection: 3
```

/home/krog/.ssh/id_rsa indeed exists and contains my private key!

on krogpc (the one that can connect with key but not be contacted with key):

```
krog@KROGPC-SKYLAKE ~ % ls -al ~/.ssh/
totale 44
drwx--S---   2 krog portage  4096 29 gen 09.07 .
drwxrwsr-x 283 krog portage 20480 30 gen 08.28 ..
-rw-------   1 krog portage   397 29 gen 17.59 authorized_keys
-rw-------   1 krog portage  1679 29 gen 09.06 id_rsa
-rw-r--r--   1 krog portage   401 29 gen 09.06 id_rsa.pub
-rw-r--r--   1 krog portage   142 29 gen 09.06 known_hosts
```

on banana (the one able to receive ssh connection with key but not connecting with key to krogpc):

```
krog@krogbanana:~$ ls -al ~/.ssh/
totale 24
drwx------  2 krog krog 4096 gen 29 09:36 .
drwxr-xr-x 13 krog krog 4096 gen 29 15:47 ..
-rw-------  1 krog krog  401 gen 29 09:06 authorized_keys
-rw-------  1 krog krog 1679 gen 29 09:35 id_rsa
-rw-r--r--  1 krog krog  397 gen 29 09:35 id_rsa.pub
-rw-r--r--  1 krog krog  222 gen 29 09:07 known_hosts
```

cat -n ~/.ssh/config does not give any result on both machines.

On both machines, to try to have the same result, I have:

cat -n /etc/ssh/sshd_config

```
KROGPC-SKYLAKE krog # cat -n /etc/ssh/sshd_config
     1  # Package generated configuration file
     2  # See the sshd_config(5) manpage for details
     3
     4  # What ports, IPs and protocols we listen for
     5  Port 22
     6  # Use these options to restrict which interfaces/protocols sshd will bind to
     7  #ListenAddress ::
     8  #ListenAddress 0.0.0.0
     9  Protocol 2
    10  # HostKeys for protocol version 2
    11  HostKey /etc/ssh/ssh_host_rsa_key
    12  HostKey /etc/ssh/ssh_host_ed25519_key
    13
    14  # https://bettercrypto.org/ 20150712
    15  #HostKey /etc/ssh/ssh_host_dsa_key
    16  #HostKey /etc/ssh/ssh_host_ecdsa_key
    17
    18  #Privilege Separation is turned on for security
    19  UsePrivilegeSeparation yes
    20
    21  # Lifetime and size of ephemeral version 1 server key
    22  KeyRegenerationInterval 3600
    23  ServerKeyBits 1024
    24
    25  # Logging
    26  SyslogFacility AUTH
    27  LogLevel INFO
    28
    29  # Authentication:
    30  LoginGraceTime 120
    31  PermitRootLogin no
    32  StrictModes yes
    33
    34  RSAAuthentication yes
    35  PubkeyAuthentication yes
    36  #AuthorizedKeysFile     %h/.ssh/authorized_keys
    37
    38  # Don't read the user's ~/.rhosts and ~/.shosts files
    39  IgnoreRhosts yes
    40  # For this to work you will also need host keys in /etc/ssh_known_hosts
    41  RhostsRSAAuthentication no
    42  # similar for protocol version 2
    43  HostbasedAuthentication no
    44  # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    45  #IgnoreUserKnownHosts yes
    46
    47  # To enable empty passwords, change to yes (NOT RECOMMENDED)
    48  PermitEmptyPasswords no
    49
    50  # Change to yes to enable challenge-response passwords (beware issues with
    51  # some PAM modules and threads)
    52  ChallengeResponseAuthentication no
    53
    54  # Change to no to disable tunnelled clear text passwords
    55  #PasswordAuthentication yes
    56
    57  # Kerberos options
    58  #KerberosAuthentication no
    59  #KerberosGetAFSToken no
    60  #KerberosOrLocalPasswd yes
    61  #KerberosTicketCleanup yes
    62
    63  # GSSAPI options
    64  #GSSAPIAuthentication no
    65  #GSSAPICleanupCredentials yes
    66
    67  X11Forwarding yes
    68  X11DisplayOffset 10
    69  PrintMotd no
    70  PrintLastLog yes
    71  TCPKeepAlive yes
    72  #UseLogin no
    73
    74  #MaxStartups 10:30:60
    75  #Banner /etc/issue.net
    76
    77  # Allow client to pass locale environment variables
    78  AcceptEnv LANG LC_*
    79
    80  Subsystem sftp /usr/lib/openssh/sftp-server
    81
    82  # Set this to 'yes' to enable PAM authentication, account processing,
    83  # and session processing. If this is enabled, PAM authentication will
    84  # be allowed through the ChallengeResponseAuthentication and
    85  # PasswordAuthentication.  Depending on your PAM configuration,
    86  # PAM authentication via ChallengeResponseAuthentication may bypass
    87  # the setting of "PermitRootLogin without-password".
    88  # If you just want the PAM account and session checks to run without
    89  # PAM authentication, then enable this but set PasswordAuthentication
    90  # and ChallengeResponseAuthentication to 'no'.
    91  UsePAM yes
    92
    93  UseDNS no
    94
    95  # https://bettercrypto.org/ 20150712
    96  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
    97  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
    98  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
```

(I copied the one from banana to krogpc just now trying to solve the issue, restarted sshd but same result)

----------

## szatox

Looks like a damaged public key on the client (don't ask, I didn't believe it was possible until I saw it myself). Remove the public key file and only leave the private one there. Ssh will stop being smart and hopefully do the right thing this time.

You can also try extracting the public key from the private one to make sure your public keyfile is actually correct.

----------

## ChrisJumper

Hi Krog,

I think it is a bad idea to just copy the private and public key to both machines. OK, if you just copied them to these two machines that's not a big deal, but if you have more than two and you use your banana public key to log on to computers 5, 6, 8... then an intruder on your krogpc could hijack all the other machines too, because you leave the private key!

Better is: just generate another private and public key on krogpc and copy that public key (or if more than one, attach it) to your banana PC's user's .ssh/authorized_keys.

I am not 100% sure if it's important, but the key you generate on the banana has a "user@host" signature. I think it's not important to match that. But it's documentation friendly.

The error you have is, I think: you have different server configurations (/etc/ssh/sshd_config) on both computers or forgot to restart the daemon after updating the configuration files. Hint: line 36 of your posted sshd_config, "#AuthorizedKeysFile     %h/.ssh/authorized_keys": it's disabled!

Just because it's complicated, here are the steps that you have to take care of:

Romeo wants to log in to Juliet's account on juliet@capulet:

Romeo generates his keys with ssh-keygen -t rsa.

He gives a USB stick with his public key to Juliet.

Juliet logs in to her account (juliet@capulet).

She adds Romeo's public key to her .ssh/authorized_keys file.

She has to start the sshd daemon and allow in sshd_config:

```
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys
```

And restart the server.

===============

But that's not all. The client/server stuff can be tricky. In order to get access for some batch scripts I had to set: UsePAM yes.

And as you see in your debug messages: your SSH client and the server negotiate the login pattern. I am not sure if your public key did not work or it just fell back to the password method. You could try to disable the password and keyboard methods:

In sshd_config:

```
KbdInteractiveAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
```

It's good to use another port than the standard port, especially on machines that are accessible over the net. And I am not sure if the known hosts system is just another machine's signature check, and adds a second layer of security, or if it's another optional authentication method. Have to read more about it sometime.

Not sure if the known hosts bring you into trouble if you changed IP addresses (IPv4/IPv6), hardware (NIC: MAC address)..

----------

## Hu

Krog: your client output looks fine.  The client tried to use the private key.  There should be a server log message explaining why it declined to use the private key.

Your home directory permissions on krogpc look very strange.  You should not be in the Portage group at all.  It is unusual to have a setgid home directory.  As I read the source, sshd will refuse to use any key file which is writable by group or world, as well as any key file in a directory that is group or world writable, recursively up to the root.  Remove group write on your home directory and try again.

*ChrisJumper wrote:*

> Hi Krog,
>
> I think it is a bad idea to just copy the private and public key to both machines. OK, if you just copied them to these two machines that's not a big deal, but if you have more than two and you use your banana public key to log on to computers 5, 6, 8... then an intruder on your krogpc could hijack all the other machines too, because you leave the private key!
>
> Better is: just generate another private and public key on krogpc and copy that public key (or if more than one, attach it) to your banana PC's user's .ssh/authorized_keys.

As I read the opening post, Krog performed the steps you advocate here.

*ChrisJumper wrote:*

> The error you have is, I think: you have different server configurations (/etc/ssh/sshd_config) on both computers or forgot to restart the daemon after updating the configuration files. Hint: line 36 of your posted sshd_config, "#AuthorizedKeysFile     %h/.ssh/authorized_keys": it's disabled!

 If unset, an internal default is used.  That default should be appropriate here.  The OpenSSH team traditionally include commented out lines reiterating the default values.
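The ownership and mode rule Hu describes can be checked by hand before touching the server configuration. This is an added example, not part of the original thread and not OpenSSH's own code: a simplified model of that rule, where `check_key_path` and its stop-directory parameter are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Simplified model of the rule described
# above: the key file and every directory above it must be owned by the user
# or root and must not be writable by group or world.

# check_key_path FILE STOP_DIR [UID]
# FILE and STOP_DIR are absolute paths without trailing slashes. The walk ends
# at STOP_DIR (hypothetical parameter of this sketch; pass / to go to the root).
# Prints "ok" or the first failing component; returns 0 or 1.
check_key_path() {
    path=$1
    stop=$2
    uid=${3:-$(id -u)}
    kind=file
    [ -f "$path" ] || { echo "not a regular file: $path"; return 1; }
    while :; do
        # GNU stat: %u = numeric owner, %a = octal mode
        info=$(stat -c '%u %a' "$path") || { echo "cannot stat $path"; return 1; }
        owner=${info% *}
        mode=${info#* }
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad ownership or modes for $kind $path (owner uid $owner)"
            return 1
        fi
        # 022 masks the group-write and world-write bits
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad ownership or modes for $kind $path (mode $mode)"
            return 1
        fi
        if [ "$path" = "$stop" ] || [ "$path" = / ]; then
            break
        fi
        path=$(dirname "$path")
        kind=directory
    done
    echo ok
}

# Typical call on the server: check_key_path "$HOME/.ssh/authorized_keys" "$HOME"
```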

----------

## Krog

first of all: thanks for every hint.

I commented out that line of sshd_config

i now have:

```
krog@KROGPC-SKYLAKE ~ % ls /home/krog/.ssh -l

totale 16

-rw------- 1 krog krog  397 29 gen 17.59 authorized_keys

-rw------- 1 krog krog 1679 29 gen 09.06 id_rsa

-rw------- 1 krog krog  401 29 gen 09.06 id_rsa.pub

-rw------- 1 krog krog  142 29 gen 09.06 known_hosts

krog@KROGPC-SKYLAKE ~ % 

```

in both my sshd_config there is:

```
RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile      %h/.ssh/authorized_keys 
```

but still... nothing works  :Sad: 

i NEED to be able to ssh with key from banana to krogpc in order to use some scripts from my phone (phone ssh to banana via tasker and launches some scripts that ssh to krogpc and do stuff like sync)

----------

## bbgermany

Hi,

how did you copy the public keys from one host to another?

greets, bb

----------

## Krog

i tried every way, from the copy-paste to the ssh-copy-id -i ~/.ssh/id_rsa.pub $remote_user@$remote_host

in both ways it works from krogpc to banana but not from banana to krogpc...

----------

## bbgermany

Can you please try out my sshd_config files?

```
PermitRootLogin yes

PasswordAuthentication no

UsePAM yes

X11Forwarding yes

PrintMotd no

PrintLastLog no

Subsystem       sftp    /usr/lib64/misc/sftp-server

AcceptEnv LANG LC_*

```

That's all I have in my config and it works.

greets, bb

----------

## Krog

with PasswordAuthentication no i will not be able to log in via password? that is now the only working way and i need that  :Smile: 

----------

## bbgermany

 *Krog wrote:*   

> with PasswordAuthentication no i will not be able to log in via password? that is now the only working way and i need that 

 

That's OK, you can leave your yes in there  :Smile:  I should have checked that first  :Wink: 

EDIT: Did you set a password when creating the keyfiles with ssh-keygen?

----------

## Krog

no, no password... the need is to create scripts on banana that do ssh and stuff on krogpc without asking for a password

----------

## bbgermany

Ok, have you tried the config now with the modification?

```
PermitRootLogin yes 

PasswordAuthentication yes

UsePAM yes 

X11Forwarding yes 

PrintMotd no 

PrintLastLog no 

Subsystem       sftp    /usr/lib64/misc/sftp-server 

AcceptEnv LANG LC_* 

```

greets, bb

----------

## Krog

just now, still the same  :Sad: 

----------

## krinn

listen to Hu, fix your /home permission

----------

## bbgermany

Hi,

the permissions are the same on my servers/clients (they are correctly working here) but the group membership is quite strange as Hu already told you.

Can you show the output of 

```
cat /etc/ssh/ssh_config
```

for both sides as well please.

greets, bb

----------

## Krog

 *bbgermany wrote:*   

> Hi,
> 
> the permissions are the same on my servers/clients (they are correctly working here) but the group membership is quite strange as Hu already told you.
> 
> Can you show the output of 
> ...

 

i fixed the permissions of every file giving 600 permission and chgrp to that user... the cat of ssh_config is the first thing i posted in the beginning of the post!

----------

## bbgermany

That's in my ssh_config only. Try it please:

```
SendEnv LANG LC_*
```

oh and not every file needs 600 as permissions. you should have it more like this:

```

-rw-------  1 root root 1575 31. Jan 12:21 authorized_keys

-rw-------  1 root root 1679 31. Jan 09:49 id_rsa

-rw-r--r--  1 root root  392 31. Jan 09:49 id_rsa.pub

-rw-------  1 root root 1816 30. Mai 2016  known_hosts

```

greets, bb

----------

## Krog

 *bbgermany wrote:*   

> Thats in my ssh_config only. Try it please:
> 
> ```
> SendEnv LANG LC_*
> ```
> ...

 

bbgermany

i thank you for your help, I know that you are dedicating your time to me and this is really appreciated, i'm sincere... but that option is already present in my ssh_config as you can see from the top of this thread

----------

## bbgermany

That's OK, it looks like a problem that really needs fixing  :Very Happy:  although it is demanding  :Wink: 

I meant, can you remove all the other lines from the config, just to make sure that this isn't the issue.

greets bb

EDIT: btw, have you checked the serverside logfile for the message when you try to access it? maybe you need to turn up debugging on the server as well for this to get more information.

----------

## Krog

yeah i want to try that... how to turn to the maximum every possible debug output and where to look for the log?

----------

## bbgermany

Just check for "LogLevel" in your sshd_config and change it to DEBUG (everywhere I see it in uppercase, maybe it's required this way). Then you will see all the debug output after restarting the sshd in /var/log/auth.log

greets, bb

----------

## cboldt

from `man sshd_config` ...

```
     LogLevel

             Gives the verbosity level that is used when logging messages from sshd(8).  The possi‐

             ble values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.

             The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify

             higher levels of debugging output.  Logging with a DEBUG level violates the privacy of

             users and is not recommended.
```

... just in case "DEBUG" doesn't give enough information.  I'm curious about the resolution of this.

----------

## Krog

just to be safe, can i post logs obtained with this debug level?

i saw by accident that posting ssh -vvv leads to posting my key here and i deleted it from the paste...

----------

## Krog

we are going close i think!

```
 Authentication refused: bad ownership or modes for directory /home/krog
```

i see:

```
KROGPC-SKYLAKE /home # ls -l /home

totale 56

drwxr-xr-x  67 billa root   4096 31 gen 09.26 billa

drwxr-xr-x   4 root  root   4096  6 giu  2012 ftp

drwxr-sr-x 283 krog  krog  20480 31 gen 14.27 krog

drwx------   2 root  root  16384 18 feb  2009 lost+found

drwxr-xr-x   2 dhcp  root   4096  3 feb  2009 p2p

drwxrwxrwx   2 root  users  4096 21 gen 08.42 samba

KROGPC-SKYLAKE /home #

```

i think all my permissions are a bit screwed because I changed entirely my pc, i attached the old /home disk and THEN i re-created all my users... probably most of the folders belonging to my main user (krog) took the first group available or something like that... what exactly is this "s" here: drwxr-sr-x ? the group was wrong too, i corrected that but the issue is still there.... maybe this s is the cause

----------

## Krog

IT WORKED! i removed that damn s!

```
KROGPC-SKYLAKE /home # chmod 755 krog

KROGPC-SKYLAKE /home # ls -l

totale 56

drwxr-xr-x  67 billa billa  4096 31 gen 09.26 billa

drwxr-xr-x   4 root  root   4096  6 giu  2012 ftp

drwxr-sr-x 283 krog  krog  20480 31 gen 14.32 krog

drwx------   2 root  root  16384 18 feb  2009 lost+found

drwxr-xr-x   2 dhcp  root   4096  3 feb  2009 p2p

drwxrwxrwx   2 root  users  4096 21 gen 08.42 samba

KROGPC-SKYLAKE /home # chmod 0755 krog

KROGPC-SKYLAKE /home # ls -l

totale 56

drwxr-xr-x  67 billa billa  4096 31 gen 09.26 billa

drwxr-xr-x   4 root  root   4096  6 giu  2012 ftp

drwxr-sr-x 283 krog  krog  20480 31 gen 14.32 krog

drwx------   2 root  root  16384 18 feb  2009 lost+found

drwxr-xr-x   2 dhcp  root   4096  3 feb  2009 p2p

drwxrwxrwx   2 root  users  4096 21 gen 08.42 samba

KROGPC-SKYLAKE /home # chmod u-s krog

KROGPC-SKYLAKE /home # ls -l

totale 56

drwxr-xr-x  67 billa billa  4096 31 gen 09.26 billa

drwxr-xr-x   4 root  root   4096  6 giu  2012 ftp

drwxr-sr-x 283 krog  krog  20480 31 gen 14.32 krog

drwx------   2 root  root  16384 18 feb  2009 lost+found

drwxr-xr-x   2 dhcp  root   4096  3 feb  2009 p2p

drwxrwxrwx   2 root  users  4096 21 gen 08.42 samba

KROGPC-SKYLAKE /home # chmod 000 krog

KROGPC-SKYLAKE /home # ls -l

totale 56

drwxr-xr-x  67 billa billa  4096 31 gen 09.26 billa

drwxr-xr-x   4 root  root   4096  6 giu  2012 ftp

d-----S--- 283 krog  krog  20480 31 gen 14.32 krog

drwx------   2 root  root  16384 18 feb  2009 lost+found

drwxr-xr-x   2 dhcp  root   4096  3 feb  2009 p2p

drwxrwxrwx   2 root  users  4096 21 gen 08.42 samba

KROGPC-SKYLAKE /home # chmod -s krog

KROGPC-SKYLAKE /home # ls -l

totale 56

drwxr-xr-x  67 billa billa  4096 31 gen 09.26 billa

drwxr-xr-x   4 root  root   4096  6 giu  2012 ftp

d--------- 283 krog  krog  20480 31 gen 14.32 krog

drwx------   2 root  root  16384 18 feb  2009 lost+found

drwxr-xr-x   2 dhcp  root   4096  3 feb  2009 p2p

drwxrwxrwx   2 root  users  4096 21 gen 08.42 samba

KROGPC-SKYLAKE /home # chmod 755 krog

KROGPC-SKYLAKE /home # ls -l

totale 56

drwxr-xr-x  67 billa billa  4096 31 gen 09.26 billa

drwxr-xr-x   4 root  root   4096  6 giu  2012 ftp

drwxr-xr-x 283 krog  krog  20480 31 gen 14.32 krog

drwx------   2 root  root  16384 18 feb  2009 lost+found

drwxr-xr-x   2 dhcp  root   4096  3 feb  2009 p2p

drwxrwxrwx   2 root  users  4096 21 gen 08.42 samba

KROGPC-SKYLAKE /home #

krog@KROGPC-SKYLAKE ~ %

Connection to 192.168.1.230 closed.

krog@krogbanana:~$ ssh 192.168.1.230

Last login: Tue Jan 31 14:39:23 2017 from 192.168.1.82

krog@KROGPC-SKYLAKE ~ %

```

WIN WIN WIN WIN

thanks to everybody  :Smile: 

----------

## cboldt

I assume the DEBUG log divulges information that you do not want to divulge to us.  Review and edit the output before sharing it.

----------

## cboldt

"s" in that position represents "set group ID," affecting all new files and directories created under that directory.

Edit to add, `chmod g-s` would have cleared it directly.

One more addition, this was new to me, might be useful in general ...

```
chmod  preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.  You can set or clear the bits with symbolic modes like u+s and g-s, and  you can set (but not clear) the bits with a numeric mode.
```

Last edited by cboldt on Tue Jan 31, 2017 2:04 pm; edited 1 time in total

----------

## Krog

considering my /home folder is more or less 15 years old, passed by many hard disks and at least 3 different computers, it will remain a big mystery why and when that folder got this strange permission  :Smile: 

thanks again to everybody, I learned something new today

----------

## cboldt

You may have lingering odd owners or permissions buried in your /home/krog directory.  My /home directory, like yours, has passed from drive to drive and system to system, and collected all sorts of "trouble" due to my ineptitude.  I think I found and cleared them all, using `find`, but I doubt I could summarize exactly what I did to make the structure consistent with what I expected and wanted.

FWIW, I had similar issues in the system too, same underlying cause, migration from one installation to another.

----------

## Krog

using chown and chgrp with -R option on the top of the home folder would fix everything, am i right?

----------

## cboldt

Yes, for owner:group, you can use just `chown -R owner:group` for your home directory.  The pickle I got myself in was affecting things like /var/cron and /var/mail, where owner:group was not consistent.

----------

## Krog

as i have many symlinks under my home folder... a chown -R would follow these symlinks? that would be really unwanted

sorry, this is really a noob question, i understand that

----------

## cboldt

It's a good question.  `man chown` covers the subject ...

```
       -R, --recursive

              operate on files and directories recursively

       The  following options modify how a hierarchy is traversed when the -R option is also speci‐

       fied.  If more than one is specified, only the final one takes effect.

       -H     if a command line argument is a symbolic link to a directory, traverse it

       -L     traverse every symbolic link to a directory encountered

       -P     do not traverse any symbolic links (default)
```

I'd test that, myself, on a limited hierarchy that involved a symlink to a place where owner and group were not "me," to be satisfied that "-P" acted the way I think it does.

----------

## khayyam

 *Krog wrote:*   

> as i have many symlinks under my home folder... a chown -R would follow these symlinks? that would be really unwanted sorry

 

Krog ... the default is '--dereference', so you would use '--no-dereference' (see: 'man chown').

```
% su -

# touch /tmp/test

# exit

% ls -l /tmp/test

-rw-r--r-- 1 root root 0 2017-01-31 17:02 /tmp/test

% ln -s /tmp/test .

% ls -l test

lrwxrwxrwx 1 khayyam users 9 2017-01-31 17:02 test -> /tmp/test

% chown khayyam:wheel test

chown: changing ownership of 'test': Operation not permitted

% chown --no-dereference khayyam:wheel test

changed ownership of 'test' from khayyam:users to khayyam:wheel
```

For completeness it might also be worth mentioning 'find . -type f', and '-type d', and zsh's 'glob qualifiers' '**/*(^@)' ... which could be used to exclude symbolic links.

HTH & best ... khay
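cboldt's `find` cleanup of a migrated home tree and the `find`-based exclusion of symbolic links mentioned above can be combined into one audit. This is an added example, not code from the thread: the function names are hypothetical, and the cleanup uses the symbolic `g-s` mode from the chmod documentation quoted earlier.

```shell
#!/bin/sh
# Added example (not from the thread): audit a migrated home tree without
# following or reporting symbolic links.

# audit_tree DIR OWNER
# Print every non-symlink entry under DIR that is not owned by OWNER (name or
# numeric uid), is group- or world-writable, or is a setgid directory.
audit_tree() {
    dir=$1
    owner=$2
    # find does not follow symlinks by default; "! -type l" also keeps the
    # links themselves out of the report. -xdev stays on one filesystem.
    find "$dir" -xdev ! -type l \( \
        ! -user "$owner" -o -perm -020 -o -perm -002 \
        -o \( -type d -perm -2000 \) \) -print
}

# clear_setgid_dirs DIR
# Clear setgid on directories with the symbolic mode g-s, since GNU chmod
# preserves the bit on directories when given a numeric mode such as 755.
clear_setgid_dirs() {
    find "$1" -xdev -type d -perm -2000 -exec chmod g-s {} +
}

# Typical use: review the report first, then fix what it lists.
#   audit_tree /home/krog krog
#   clear_setgid_dirs /home/krog
```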

----------

## cboldt

khayyam brings up a good point, one I overlooked by assuming that the symlinks you referred to were symlinks to directories.  The "-P" default only works against symlinks to directories.  If you have symlinks to files, `chown -R` will operate on the referenced files unless you use --no-dereference.

----------

## Krog

Thanks  :Smile: 

----------

