authorized_keys in /tmp/.ssh?


I'm working on an embedded Linux system that has a read-only jffs2
root file system. /tmp is a tmpfs file system for files that need to
be writable. Anything that needs writable files is symlinked to /tmp.

The only way to connect to the machine is via openssh. Right now we
use a mixture of password and public key authorization and I'm trying
to remove the password-based auth. As part of this change, I need to
create root's authorized_keys file at boot time. So now I have
/root/.ssh/authorized_keys symlinked to /tmp/.ssh/authorized_keys.

/tmp is 1777, but /tmp/.ssh is 0700. When I attempt to log in using a
key that is in authorized_keys, I get "sshd: Authentication refused:
bad ownership or modes for directory /tmp". If I change the
permissions of /tmp to 1755, then sshd will allow the login, but this
causes problems for things not running as root that need to write to

It seems that sshd is finding the absolute path of the authorized_keys
file and then stating the first path entry. I'm not quite sure why it
is checking the top level directory and not the permissions of the
directory that contains the authorized_keys.

I'd rather avoid having to separate tmpfs filesystems, so is there an
easy way to work around this problem? I'm using OpenSSH_3.9p1 and
OpenSSL 0.9.7e.
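
The following is an added example, not part of the original post and not OpenSSH source: a Python re-creation of the ancestor walk that sshd's StrictModes check performs on the resolved authorized_keys path, showing why a symlink out of the home directory drags a 1777 parent into the check. The function names and the temporary `home`/`scratch` layout (with `scratch` standing in for /tmp) are constructed for illustration.

```python
import os
import tempfile

def secure_path_error(path, home, uid):
    """Return None if every checked component passes, else a refusal message."""
    real = os.path.realpath(path)   # symlinks are resolved before any check
    home = os.path.realpath(home)
    st = os.stat(real)
    if st.st_uid not in (0, uid) or st.st_mode & 0o022:
        return "bad ownership or modes for file " + real
    cur = real
    while True:
        cur = os.path.dirname(cur)
        st = os.stat(cur)
        # each ancestor must belong to root or the user, with no group/other write bit
        if st.st_uid not in (0, uid) or st.st_mode & 0o022:
            return "bad ownership or modes for directory " + cur
        if cur == home or cur == "/":   # the walk ends only at home or at /
            return None

def write_key_file(path):
    with open(path, "w") as f:
        f.write("# constructed placeholder, no real key\n")
    os.chmod(path, 0o600)

def demo():
    """Constructed layout: a 0700 home and a 1777 'scratch' dir standing in for /tmp."""
    uid = os.getuid()
    base = os.path.realpath(tempfile.mkdtemp())
    home, scratch = os.path.join(base, "home"), os.path.join(base, "scratch")
    for d, mode in ((home, 0o700), (scratch, 0o1777)):
        os.makedirs(os.path.join(d, ".ssh"))
        os.chmod(os.path.join(d, ".ssh"), 0o700)
        os.chmod(d, mode)
    link = os.path.join(home, ".ssh", "authorized_keys")
    target = os.path.join(scratch, ".ssh", "authorized_keys")
    write_key_file(link)                       # case 1: regular file under home
    in_home = secure_path_error(link, home, uid)
    os.remove(link)
    write_key_file(target)                     # case 2: symlink into scratch
    os.symlink(target, link)
    via_symlink = secure_path_error(link, home, uid)
    return in_home, via_symlink, scratch

if __name__ == "__main__":
    print(demo())
```

Because the resolved path never passes through the home directory in the symlink case, the walk continues upward until it reaches a group- or world-writable ancestor and reports that directory, not the 0700 directory that holds the file.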

