Unable to connect to SFTP after changing file permissions of /home folder

1

We have an Ubuntu instance on Amazon and, for some reason, we changed the permissions of the /home folder to 777. Command: sudo chmod -R 777 /home

Now we are unable to connect over SFTP or via PuTTY. Please help us solve this problem ASAP.

jack

Posted 2018-01-24T13:13:08.320

Reputation: 13

Are you using public key authentication? The OpenSSH server requires the files in ~/.ssh/ directory to have a chmod mask of 600. – GiantTree – 2018-01-24T13:16:23.510

If you try ssh -vv username@host you may see more information regarding why you cannot connect, or at least how far into the process that it fails. You've opened up permissions of /home to the world, so except for situations like what GiantTree commented, this should not be permission related. – Xalorous – 2018-01-24T13:37:21.733

@Xalorous yes, it will be permission related, but in the opposite way than you are thinking. If your ~/.ssh/authorized_keys file is writable by others then sshd considers it potentially compromised and untrusted... and ignores it. – Michael - sqlbot – 2018-01-24T23:35:14.253

Answers

2

Since AWS does not have an interactive shell available, you need another way to fix the problem. I have used this method in the past, and it has worked for me:

  • Disconnect the disk of your instance (let's call it instance A)
  • Create a new instance (Instance B)
  • Connect the disk of instance A as an additional disk on instance B
  • Log on to instance B, mount the disk
  • Fix the home directory permissions, safe values would be:

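    # The top-level home directory must stay traversable by every user
    chmod 755 /$mountpoint/home
    cd /$mountpoint/home
    # -mindepth 1 skips "." so /home itself keeps 755; -exec ... + copes with spaces in names
    find . -mindepth 1 -type d -exec chmod 750 {} +
    find . -type f -exec chmod 640 {} +
    # Tighten the SSH directories and key files that sshd checks
    find . -type d -name '.ssh' -exec chmod 700 {} \;
    find . -type f -name 'authorized_keys' -exec chmod 600 {} \;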
    
  • Unmount the disk

  • Reconnect it to instance A
  • Boot

mtak

Posted 2018-01-24T13:13:08.320

Reputation: 11 805

For security's sake, I would make the chmod 750 * recursive, to get rid of those world writable bits on all the files inside /home. chmod 750 * -R – Xalorous – 2018-01-24T13:39:55.393

Good catch, however this would make every file executable in the process? In that case, make all dirs 750 and all files 640. I've updated my answer. – mtak – 2018-01-24T13:46:11.790

Good point. Though in this case it would be 'leaving' every file executable, since OP's already set everything to 777. – Xalorous – 2018-01-24T13:48:39.283

No flies on you, mate! – mtak – 2018-01-24T14:35:54.177
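A check to run on instance B after the permission fix in the answer and before unmounting the disk, as an added example that is not part of the original answer or comments: it lists every home directory, .ssh directory and authorized_keys file that is still group- or world-writable, the condition the comment above says makes sshd ignore the key file. The function names and the demo tree are constructed for illustration; pass the mounted home tree (for example /mnt/home, an assumed path) as the first argument.

```shell
#!/bin/sh
# Added example: find paths that sshd with StrictModes enabled (the OpenSSH
# default) would reject because they are writable by group or others.

# Print the path itself (no recursion) if mode & 022 is non-zero.
loose() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# For each user directory under the given home root, check the three paths
# that matter for public key login and print the offenders, one per line.
audit_ssh_perms() {
    home_root=$1
    for home in "$home_root"/*; do
        # Skip plain files and symlinks; only real home directories count.
        [ -d "$home" ] && [ ! -L "$home" ] || continue
        for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
            if [ -e "$p" ]; then loose "$p"; fi
        done
    done
    return 0
}

# Constructed sample tree: alice has the repaired modes, bob is still 777.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/.ssh" "$t/bob/.ssh"
    : > "$t/alice/.ssh/authorized_keys"
    : > "$t/bob/.ssh/authorized_keys"
    chmod 750 "$t/alice"
    chmod 700 "$t/alice/.ssh"
    chmod 600 "$t/alice/.ssh/authorized_keys"
    chmod -R 777 "$t/bob"
    audit_ssh_perms "$t" | sed "s|^$t/||"
    rm -rf "$t"
}

# With an argument, audit that tree; without one, run the constructed demo.
if [ "$#" -gt 0 ]; then audit_ssh_perms "$1"; else demo; fi
```

Empty output means none of the checked paths is group- or world-writable; ownership is not checked here because chmod -R does not change it.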