Isilon: OneFS: Error-"Authentication refused: bad ownership or modes for directory /ifs/home/user/.ssh" when trying to connect to cluster through SSH

Users are unable to connect to the cluster through an SSH connection.

• The following error appears:
   

  Authentication refused: bad ownership or modes for directory /ifs/home/user/.ssh

  This same error is also logged to the /var/log/auth.log file.

• The user is prompted for their password even though an authorized_keys file is being used.

The error, "Authentication refused: bad ownership or modes for directory," typically means that the user's home or ~/.ssh directories have group write permissions. The home directory should be writable only by the user or owner, ~/.ssh permissions should be set to 700, and the authorized_keys file permissions should be set to 600.

Modify the permissions on the user's specified directories. It is generally recommended to have permissions of 750 on the /ifs/home/user/.ssh/ directory and 644 permissions on the authorized_keys file; however those values might not be sufficient, and more restrictive permissions are needed.

1. Open an SSH connection on any node in the cluster and log in using the "root" account.
2. Run the following command to change the user's home directory to be writable only by that user, where <user name> is the user's name:
   
   chmod g-w /home/<user name>
    
3. Change the permissions on the user's ~/.ssh directory, where <user name> is the user's name:
   
   chmod 700 /home/<user name>/.ssh
    
4. Change the permissions on the user's authorized_keys file, where <user name> is the user's name:
   
   chmod 600 /home/<user name>/.ssh/authorized_keys

   NOTE
   The authorized_keys file should be owned by the owner and not "root".

Additional information

Refer to the knowledgebase article, How to set up key-based RSA SSH logins, 16474