Closed Anvano closed 5 years ago
To clarify for future readers: Allowed permissions are 0400 (read) and 0200 (write), which combine to 0600. The message means no other bits are allowed. And the difference between 0600 and 0400 doesn't prevent login.
After setting up the secret=/var/unencrypted-home/${USER}/.google_authenticator option (Encrypted home directories), I have noticed an error message in auth.log:
"sshd(pam_google_authenticator)[15301]: Secret file permissions are 0400. Allowed permissions are 0600"
OK. I have changed the permissions to 0600. Double checked it! After login, the permissions on this file have been reset to 0400.
I have tried once more: 1) changed the permissions to 0600, 2) tried to log in, 3) checked the permissions, and again they have been changed to 0400.
It seems that pam_google_authenticator.so is changing the file permissions to 0400 upon login, thus preventing subsequent login attempts with the error message above.
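
The rule stated in the clarification at the top of this issue (only the 0400 and 0200 bits may be set on the secret file) can be checked with a small audit script. This is an added example, not code from the module or from the issue author; the names `extra_bits` and `audit_secret_file` are hypothetical, and the regular-file check is an extra assumption not taken from this page.

```python
import os
import stat

ALLOWED = 0o600  # owner read (0400) + owner write (0200), per the note above

# Human-readable names for every bit outside the allowed mask.
BIT_NAMES = {
    0o4000: "setuid", 0o2000: "setgid", 0o1000: "sticky",
    0o100: "owner-execute",
    0o040: "group-read", 0o020: "group-write", 0o010: "group-execute",
    0o004: "other-read", 0o002: "other-write", 0o001: "other-execute",
}


def extra_bits(mode, allowed=ALLOWED):
    """Return the permission bits in `mode` that fall outside `allowed`."""
    return stat.S_IMODE(mode) & ~allowed & 0o7777


def audit_secret_file(path, allowed=ALLOWED):
    """Return (ok, message) describing the mode of the secret file at `path`."""
    st = os.lstat(path)  # lstat: report on a symlink itself, not its target
    if not stat.S_ISREG(st.st_mode):  # assumption added here, not from the page
        return False, f"{path}: not a regular file"
    perms = stat.S_IMODE(st.st_mode)
    extra = extra_bits(st.st_mode, allowed)
    if extra:
        names = ", ".join(n for bit, n in BIT_NAMES.items() if extra & bit)
        return False, (f"{path}: mode {perms:04o} has disallowed bits "
                       f"{extra:04o} ({names})")
    # 0400 and 0600 both land here: neither has bits outside the mask.
    return True, f"{path}: mode {perms:04o} is within {allowed:04o}"


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        ok, msg = audit_secret_file(p)
        print(("OK   " if ok else "FAIL ") + msg)
```

Run it with the path to the secret file as an argument; modes 0400 and 0600 both pass, while anything granting group, other, execute or special bits is reported with the offending bits named.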