Re: authorized_keys in /tmp/.ssh?



On Wed, Oct 18, 2006 at 02:36:35PM -0400, Clem Taylor wrote:
> [...]
> As part of this change, I need to create root's authorized_keys file
> at boot time. So now I have /root/.ssh/authorized_keys symlinked to
> /tmp/.ssh/authorized_keys.

> /tmp is 1777, but /tmp/.ssh is 0700. When I attempt to login using a
> key that is in authorized_keys, I get "sshd: Authentication refused:
> bad ownership or modes for directory /tmp". If I change the
> permissions of /tmp to 1755, then sshd will allow the login, but this
> causes problems for things not running as root that need to write to
> /tmp.

So, add another intermediary directory which is owned by root and 700,
i.e.:

/tmp 1777
/tmp/root 0700
/tmp/root/.ssh 0700

Update your symlinks accordingly.

> It seems that sshd is finding the absolute path of the authorized_keys
> file and then stating the first path entry. I'm not quite sure why it
> is checking the top level directory and not the permissions of the
> directory that contains the authorized_keys.

Because ultimately the top level directory controls who will be able
to access the file, not the symlink or its parent.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
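
A sketch of the kind of check behind the "bad ownership or modes for directory /tmp" message quoted above. This is an added example, not part of the original message and not OpenSSH's code. It assumes the check resolves the symlink and then tests the file and each directory above it; the function names, the `ceiling` parameter and the sandbox layout are constructed for illustration.

```python
import os
import tempfile

def insecure_components(path, allowed_uids, home, ceiling="/"):
    """Model of a StrictModes-style walk (assumed logic, not OpenSSH source).

    Resolves symlinks, then checks the file and every directory above it,
    stopping at `home` or `ceiling`. Returns [(component, reason), ...].
    """
    cur = os.path.realpath(path)
    stops = {os.path.realpath(home), os.path.realpath(ceiling)}
    problems = []
    while True:
        st = os.stat(cur)
        if st.st_uid not in allowed_uids:
            problems.append((cur, "bad owner"))
        elif st.st_mode & 0o022:  # sticky bit (01000) does not excuse o+w
            problems.append((cur, "group/world writable"))
        parent = os.path.dirname(cur)
        if cur in stops or parent == cur:
            break
        cur = parent
    return problems

def demo():
    """Constructed sandbox mirroring the thread: keys behind a 1777 directory."""
    uids = {0, os.getuid()}
    with tempfile.TemporaryDirectory() as box:
        box = os.path.realpath(box)
        home_ssh = os.path.join(box, "home", ".ssh")
        shared = os.path.join(box, "shared")        # stands in for /tmp
        shared_ssh = os.path.join(shared, ".ssh")
        for d in (home_ssh, shared_ssh):
            os.makedirs(d)
            os.chmod(d, 0o700)
        os.chmod(os.path.join(box, "home"), 0o700)
        os.chmod(shared, 0o1777)
        target = os.path.join(shared_ssh, "authorized_keys")
        with open(target, "w") as f:
            f.write("# constructed sample\n")
        os.chmod(target, 0o600)
        link = os.path.join(home_ssh, "authorized_keys")
        os.symlink(target, link)
        check = lambda: [(os.path.relpath(p, box), why) for p, why in
                         insecure_components(link, uids, os.path.join(box, "home"), box)]
        via_symlink = check()
        os.remove(link)                              # replace symlink with a real file
        os.replace(target, link)
        return via_symlink, check()
```

`demo()` returns the findings for the symlinked layout first, then for the same key file stored directly under the home directory. `ceiling` exists only so the sandbox run does not walk into the real system temp directory.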


