Re: authorized_keys in /tmp/.ssh?



On Wed, 18 Oct 2006, Clem Taylor wrote:

> /tmp is 1777, but /tmp/.ssh is 0700. When I attempt to login using a
> key that is in authorized_keys, I get "sshd: Authentication refused:
> bad ownership or modes for directory /tmp". If I change the
> permissions of /tmp to 1755, then sshd will allow the login, but
> this causes problems for things not running as root that need to
> write to /tmp.
>
> It seems that sshd is finding the absolute path of the
> authorized_keys file and then stating the first path entry. I'm not
> quite sure why it is checking the top level directory and not the
> permissions of the directory that contains the authorized_keys.

Because someone can change the upper directory (rename its
subdirectory) and effectively replace your authorized_keys with
authorized_keys from some other directory: for example, if there are
/a/b/c and /a/d/c and one can change /a, he can rename /a/b -> /a/X
and /a/d -> /a/b -- even if he cannot change old /a/b, now /a/b/c is
his file.

> I'd rather avoid having to separate tmpfs filesystems, so is there
> an easy way to work around this problem? I'm using OpenSSH_3.9p1 and
> OpenSSL 0.9.7e.

If you understand the security implications, simply edit
secure_filename in auth.c and remove the loop "for each component of
the canonical path, walking upwards".

--
Regards,
ASK
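
The check ASK describes, and the rename trick it defends against, as an
added illustration (this is not code from the thread or from OpenSSH; it
is a Python re-implementation of the rule in secure_filename(), written
for this note). Every component from the authorized_keys file up to the
user's home directory (or to "/") must be owned by root or by the user and
must not be group- or world-writable, which is why a 1777 /tmp is refused
and a 1755 /tmp is accepted. The directory tree, the key material and the
function names (secure_filename, demo) are all constructed for the demo;
the temp directory stands in for $HOME so the walk stops there instead of
reaching the real /tmp.

```python
import os
import stat
import tempfile


def secure_filename(path, uid, homedir=None):
    """Approximation of OpenSSH auth.c secure_filename().

    The file must be a regular file; it and every directory above it must be
    owned by root or by `uid` and must not have group/other write bits set.
    The walk stops once `homedir` has been checked (as sshd does when the
    file lives under the home directory), otherwise at "/".
    Returns (ok, reason).
    """
    path = os.path.realpath(path)
    home = os.path.realpath(homedir) if homedir is not None else None
    try:
        st = os.stat(path)
    except OSError as exc:
        return False, "cannot stat %s: %s" % (path, exc)
    if not stat.S_ISREG(st.st_mode):
        return False, "%s is not a regular file" % path
    if st.st_uid not in (0, uid) or (st.st_mode & 0o022):
        return False, "bad ownership or modes for file %s" % path

    cur = path
    while True:
        cur = os.path.dirname(cur)          # one component up
        st = os.stat(cur)
        if st.st_uid not in (0, uid) or (st.st_mode & 0o022):
            return False, "bad ownership or modes for directory %s" % cur
        if home is not None and cur == home:
            break                           # reached $HOME: stop walking
        if cur == os.path.dirname(cur):
            break                           # reached "/"
    return True, "ok"


def demo():
    """Build <root>/tmp/.ssh/authorized_keys with a world-writable tmp,
    show the refusal, the acceptance after chmod 1755, and the rename swap
    that a world-writable parent permits. All paths/keys are constructed."""
    uid = os.getuid()
    root = tempfile.mkdtemp()               # plays the role of $HOME
    os.chmod(root, 0o700)
    tmp = os.path.join(root, "tmp")
    os.mkdir(tmp, 0o700)
    os.chmod(tmp, 0o1777)                   # like a real /tmp
    dotssh = os.path.join(tmp, ".ssh")
    os.mkdir(dotssh, 0o700)                 # the user's own, private dir
    keys = os.path.join(dotssh, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-rsa AAAAB3NzaC1yc2E...constructed... victim@host\n")
    os.chmod(keys, 0o600)

    results = {}
    results["refused_world_writable"] = secure_filename(keys, uid, root)[0]
    os.chmod(tmp, 0o1755)
    results["accepted_after_chmod"] = secure_filename(keys, uid, root)[0]

    # The attack ASK describes: anyone who can write the parent (tmp) can
    # rename directories underneath it, even ones they cannot enter.
    os.chmod(tmp, 0o1777)
    evil = os.path.join(tmp, "evil")
    os.mkdir(evil, 0o700)
    with open(os.path.join(evil, "authorized_keys"), "w") as fh:
        fh.write("ssh-rsa AAAAB3NzaC1yc2E...constructed... attacker@host\n")
    os.rename(dotssh, os.path.join(tmp, ".ssh.old"))   # /a/b -> /a/X
    os.rename(evil, dotssh)                             # /a/d -> /a/b
    with open(keys) as fh:                              # same path, new owner
        results["swapped_content"] = fh.read().split()[-1].split("@")[0]
    # ...and the parent-directory check is exactly what catches it:
    results["refused_after_swap"] = secure_filename(keys, uid, root)[0]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-25s %s" % (name, value))
```

Note that the sticky bit does not rescue /tmp: secure_filename() only
looks at the 022 bits, so the choice really is between a 1755 /tmp and
removing the parent-directory loop as ASK suggests (or keeping
authorized_keys out of a world-writable tree altogether).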


