User directories ownership has UID on google cloud (gcp) causing possible ssh issue

byrdman1982 asked:

I am having trouble with some users logging into my GCP compute instance (set up with a slum deployment). When I try to log in, for example, as user ‘pi’, I get the error:

Permission denied (publicly.gssapi-keyex,gssapi-with-mic).

Error: (cloud.compute.ssh) [usr/bin/ssh] exited with return code [255].

When I get on as another user, I go to the /home directory and do ls -lh and see something like:

drwx——. 4 10005 10005 126 Dec 27 16:16 pi

drwx——. 4 ter ter 4.0k Jan 7 12:34 ter

The ter account has no issue logging in. The pi account gets the permission denied problem. The UID for pi is 10005. I was able to log in last week without a problem, but I don’t know if I had this same thing show up with the folder ownership. Other users are having the same ssh problem, and their UID shows up instead of their user name on their home folder as well. If I su pi I can become pi, but I can’t access the pi home directory. If I change the ownership/group of the pi folder, I can access the pi home folder, but I still can’t ssh in. How can I resolve this issue?

My answer:

The problem is caused by the fact that the UID of the user named pi is not actually 10005, as you seem to believe.

You can find its actual UID in /etc/passwd and its actual GID in /etc/group.

But you can solve the problem by recursively fixing the user and group ownership of its home directory and all the contained files, using e.g. chown. For example:

chown -R pi.$(id -gn pi) /home/pi

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.