Re: authorized_keys in /tmp/.ssh?



On Wed, Oct 18, 2006 at 02:36:35PM -0400, Clem Taylor wrote:
[...]
> As part of this change, I need to create root's authorized_keys file
> at boot time. So now I have /root/.ssh/authorized_keys symlinked to
> /tmp/.ssh/authorized_keys.
>
> /tmp is 1777, but /tmp/.ssh is 0700. When I attempt to log in using a
> key that is in authorized_keys, I get "sshd: Authentication refused:
> bad ownership or modes for directory /tmp". If I change the
> permissions of /tmp to 1755, then sshd will allow the login, but this
> causes problems for things not running as root that need to write to
> /tmp.

So, add another intermediary directory which is owned by root and 700,
i.e.:

/tmp 1777
/tmp/root 0700
/tmp/root/.ssh 0700

Update your symlinks accordingly.

> It seems that sshd is finding the absolute path of the authorized_keys
> file and then stating the first path entry. I'm not quite sure why it
> is checking the top level directory and not the permissions of the
> directory that contains the authorized_keys.

Because ultimately the top level directory controls who will be able
to access the file, not the symlink or its parent.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
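
An added example, not part of the original message and not sshd's code: a Python audit of the path behind the "bad ownership or modes for directory" error quoted above. It assumes the check resolves symlinks first, then requires the file and every directory above it, up to the user's home directory or /, to be owned by root or the user and not group- or world-writable; the function names and the temporary layout are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_key_path(key_file, home, uid=None):
    """List (path, problem) for each component that fails the assumed check."""
    uid = os.getuid() if uid is None else uid
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)  # symlinks are resolved before checking
    problems = []
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            problems.append((path, "owner uid %d" % st.st_uid))
        elif st.st_mode & 0o022:  # group- or world-writable
            problems.append((path, "mode %04o" % stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(path)
        if path == home or parent == path:  # reached home or "/"
            return problems
        path = parent

def demo():
    """Constructed layout: home/.ssh/authorized_keys -> shared/.ssh/authorized_keys."""
    base = os.path.realpath(tempfile.mkdtemp())
    home, shared = os.path.join(base, "home"), os.path.join(base, "shared")
    for d, mode in ((home, 0o700), (os.path.join(home, ".ssh"), 0o700),
                    (shared, 0o1777),  # stands in for /tmp
                    (os.path.join(shared, ".ssh"), 0o700)):
        os.mkdir(d)
        os.chmod(d, mode)
    target = os.path.join(shared, ".ssh", "authorized_keys")
    local = os.path.join(home, ".ssh", "local_keys")
    for f in (target, local):
        with open(f, "w") as fh:
            fh.write("ssh-rsa AAAA-constructed-placeholder demo\n")
        os.chmod(f, 0o600)
    link = os.path.join(home, ".ssh", "authorized_keys")
    os.symlink(target, link)
    return audit_key_path(link, home), audit_key_path(local, home), shared

if __name__ == "__main__":
    linked, local, _ = demo()
    print("via symlink:", linked)
    print("inside home:", local)
```

Run against a real key file, pass the account's home directory as `home`; every path it lists is a component that a check of this kind would refuse.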