wtf.

jfc

happy Friday?

:)

I'm happy to help, let me know where I shall send the invoice to

$.02?

bastelfreak: i wasn't in the loop on that, but i'm happy to discuss specifics

:D

i haven't hallucinated this

this has failed, because of a permission denied

maybe wrong perms on the directory

/var/log/auth.log:Nov 21 210846 backup-storage-01/backup-storage-01 sshd[1818809]: Could not open user 'pgbackrest-weather-01' authorized keys '/etc/ssh/puppetkeys/pgbackrest-weather-01': Permission denied

those are important as well

if it was EL I'd ask if was SELinux

okay, so i can reproduce here

chmod 600 /etc/ssh/puppetkeys/pgbackrest-weather-01

fail

chmod 444 /etc/ssh/puppetkeys/pgbackrest-weather-01

success

file is root:root

can you share your sshd config?

directory is 755 root:root all the way up to /

sure

/etc/ssh/ssh_config.d/ is empty

now check this out

the config is AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more /etc/ssh/puppetkeys/%u

if i chmod 600 in userkeys, that's not a problem

if i chmod 600 in puppetkeys that is where it fails

so it looks like ssh is treating those things differently depending on where they are in the AuthorizedKeysFile list