[OS X] ssh key not working due to home dir permissions

Andy Jacobson andy.jacobson at noaa.gov
Tue Apr 25 23:35:04 EDT 2006


Howdy,

	I have recently started using the public key and ssh-agent to stop  
typing passwords all the time.  It's great if you take the trouble to  
read up on how it works.  The purpose of this email is simply to  
document one particular way it can fail.

	Some of the macs I would connect to would accept the public key  
authorization, and others would reject it (and thus ask me for a  
password).  I verified that the ssh configurations were identical,  
and eventually tracked it down to improper permissions on my home  
directory.  For the machines that were rejecting the key, I had  
changed my unix group.  Normally a user "andy" is assigned to a unix  
group called "andy".  For purposes of collaborating with a group of  
colleagues, I needed to belong to a different group that we all  
share.  The home directories normally are group-writeable, and  
permissions on it were not changed when I messed with the groups.   
This is apparently too liberal for ssh if you have a non-standard  
group.  Solution:  chmod g-w ~/.

	Important method for finding the problem:  enable ssh logging.  See  
http://www.macosxhints.com/article.php?story=20051012162448301 to  
turn it on.  Especially see the first comment to the story, which  
also creates a /var/log/auth.log which logs login information.  Once  
logging was turned on, I was able to see the warning message from  
sshd, which immediately led to tracking down the problem.

	-Andy

-- 
Andy Jacobson
andy.jacobson at noaa.gov

NOAA Earth System Research Lab
Global Monitoring Division
325 Broadway
Boulder, Colorado 80305

303/497-4916
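
An added example, not part of the original message: a shell sketch that approximates the test sshd's StrictModes option applies (owner is the account or root, no group or other write bit) to the home directory, ~/.ssh and authorized_keys, which is the condition that `chmod g-w ~/.` repairs. The function names `check_path` and `strictmodes_check` are hypothetical, and the logic is an approximation of sshd's behaviour rather than its actual code.

```shell
#!/bin/sh
# Added example (not from the original post): approximate the ownership and
# mode test that sshd's StrictModes applies before trusting authorized_keys.

# check_path PATH UID -> 0 if acceptable, 1 if sshd would likely refuse it,
# 2 if the path does not exist.
check_path() {
    cp_path=$1
    cp_uid=$2
    [ -e "$cp_path" ] || return 2
    # ls -ldn works on both macOS and Linux; field 1 is the mode string,
    # field 3 the numeric owner.
    cp_info=$(ls -ldn "$cp_path" | awk 'NR == 1 { print $1, $3 }')
    cp_mode=${cp_info% *}
    cp_owner=${cp_info#* }
    # Owner must be the account itself or root.
    if [ "$cp_owner" != "$cp_uid" ] && [ "$cp_owner" != 0 ]; then
        echo "BAD owner $cp_owner: $cp_path"
        return 1
    fi
    # Character 6 is group-write, character 9 is other-write (mode & 022).
    case $cp_mode in
        ?????w*|????????w*)
            echo "BAD mode $cp_mode: $cp_path (fix: chmod go-w)"
            return 1 ;;
    esac
    echo "ok  $cp_mode: $cp_path"
    return 0
}

# strictmodes_check HOME UID -> 0 if every existing path passes, else 1.
strictmodes_check() {
    sc_home=$1
    sc_uid=$2
    sc_rc=0
    for sc_p in "$sc_home" "$sc_home/.ssh" "$sc_home/.ssh/authorized_keys"; do
        # Status 2 (missing path) is skipped; only status 1 counts as a failure.
        check_path "$sc_p" "$sc_uid" || [ $? -ne 1 ] || sc_rc=1
    done
    return $sc_rc
}

# Typical use on the server being logged in to:
#   strictmodes_check "$HOME" "$(id -u)"
```

Run it on the machine that rejects the key, as the account being logged in to; any `BAD` line names the path whose permissions need tightening.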




