On Mar 13, 2022, at 08:07:33, Jake Anderson <justmainfra...@gmail.com> wrote: > > I was able to copy it > We have two environment LPAR1 and LPAR2 > > Certificate based SSH login is successful on LPAR2 but for LPAR1 It asks > for password. > Ssh requires, but does not diagnose clearly, that no directory in the path from root to ~/.ssh be writable by other than the .ssh owner lest a (fe)malefactor modify the permissions.
This POSIX shell script reports any weaknesses: #! /bin/sh # Doc: Verify that strangers can't modify path to "'". _UNIX03=YES export _UNIX03 ${1+cd "$1"} || exit 103 # Defauot is PWD. echo " Testing: $( ls -ld "$( pwd -P . )" )" >&2 while :; do P=$( pwd -P . ) || exit 104 L=$( ls -ld "$P" ) # # echo " Testing: $L" >&2 case "$L" in ????????w* | ?????w* ) echo "!!! writable !!!: $L" >&2 exit 1;; esac [ "x/" = "x$P" ] && exit 0 cd -P .. || exit 102 done -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN