I recently described the process I went through in getting my raspberry pi to serve a statically generated page, using wget on my Linux desktop running WordPress. I wrote a script to use "rsync" over ssh, but I ran into an issue: the key pair (so I could transfer without password) wasn't working. The solution:
On Raspberry Pi (Arch Linux), run:
1. systemctl stop sshd # Stop current running SSH. 2. /usr/bin/sshd -d # Start with debug mode.
From my Linux Desktop (Ubuntu), run:
3. ssh firstname.lastname@example.org
At this point, I saw the following error appear on the Raspberry Pi,
running sshd in debug mode:
"Authentication refused: bad ownership or modes for directory ..."
I googled this, and found a really good link describing the problem. Not only were certain permissions required for the ".ssh" directory and it's contents, but the user's HOME directory must have appropriate permissions as well. I found that the http_user had group write permissions turned on, which was causing the problem.
On Raspberry Pi, run:
4. chmod 755 /home/http_user # Make the home directory writable by http_user ONLY.
Apparently, this default behavior of SSH can be over-ridden with some changes to /etc/ssh/sshd_config, but it would decrease the security of the system.
After some additional testing, I found that running my "push-html.sh," which runs ssh over rsync, was what caused the permissions of my http_user's directory to be changed so that group write permissions were enabled. The root cause: the directory on my Linux-Desktop that was being pushed over to the Raspberry Pi had permissions 775, so whenever I copied it over, the permissions on my http_user's directory changed to 775 too. Subsequently, running ssh over rsync, a password would be required because of the incorrect permissions on the http_user home directory, as mentioned above.