On Tue, Apr 12, 2011 at 05:03:18PM +0100, Chris G wrote:
[snip long rigmarole]
> So there's something different about www-data but what is it? There's nothing special in the sshd_config file and I've completely removed both zelma's and www-data's ~/.ssh directories before starting the above.
> Any ideas/suggestions anyone?
... and the answer is quite subtle! ssh refuses to do public key login if your *home* directory has permissions too lax. I had:-
drwxrwsr-x 21 www-data www-data 4096 2011-04-12 16:46 www
Changing them to:-
drwxr-sr-x 21 www-data www-data 4096 2011-04-12 16:46 www
(N.B. the .ssh directory already had the required minimal permissions, I just didn't realise that ssh worries about your home directory permissions as well)
Allows the ssh passwordless login to www-data. It's a bit of a pity though as the group permission used to allow other users in the right group to write files in /var/www. I used to do my editing that way but decided that being able to become www-data more easily would be cleaner.
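
As an added illustration (not part of the original message), the sketch below walks from authorized_keys up to the home directory and reports any component that is group- or world-writable or not owned by the account or root, which is the condition described above. The function names, the constructed temporary tree and taking the account's uid from the home directory's owner are assumptions; the setgid bit shown in the listings is left out because it does not affect the check.

```python
import os
import stat
import tempfile


def lax_path_components(home, rel_path=".ssh/authorized_keys", uid=None):
    """Walk from the key file up to `home`; return (path, reason) for each
    component that is wrongly owned or group/world-writable."""
    home = os.path.realpath(home)
    if uid is None:
        uid = os.stat(home).st_uid  # assumption: the account owns its home
    path = os.path.realpath(os.path.join(home, rel_path))
    problems = []
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((path, "mode %04o is group/world-writable" % mode))
        if path == home or path == os.path.dirname(path):
            break  # reached the home directory (or the filesystem root)
        path = os.path.dirname(path)
    return problems


def demo():
    """Build a constructed home tree and check it before and after the fix."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "www")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-ed25519 CONSTRUCTED-PLACEHOLDER-KEY user@example\n")
        os.chmod(ssh_dir, 0o700)  # .ssh already has minimal permissions
        os.chmod(keys, 0o600)
        os.chmod(home, 0o775)     # group-writable home, as in the first listing
        before = lax_path_components(home)
        os.chmod(home, 0o755)     # group write removed, as in the second listing
        after = lax_path_components(home)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```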