[Bug 522373] [NEW] PublicKey authentication fails because of onerous permission rules
albcorp
albcorp at yahoo.ca
Mon Feb 15 22:35:16 GMT 2010
Public bug reported:

The required permissions are now too strict. It is not possible to
login using the PublicKey method if the home directory is group
readable.

WHAT I DID

Install openssh-server and openssh-client. Create a new account. Login
to the account and create a PublicKey

    ssh-keygen -t rsa

Copy the PublicKey to the authorized keys list

    cat ~/.ssh/id_rsa.pub > .ssh/authorized_keys

Set the permissions along the path

    chmod u+rwx,go-rwx ~/
    chmod u+rwx,go-rwx ~/.ssh
    chmod u+rw,go-rwx ~/.ssh/authorized_keys

Start the ssh authentication agent, and add the new key

    eval `/usr/bin/ssh-agent -s`
    ssh-add

Login to the account via ssh

    ssh -vv localhost

Logout.

WHAT HAPPENS

Everything works as expected

WHAT I DID NEXT

Change the permission on just the home folder.

    chmod g+rwx ~/

Login to the account via ssh

    ssh -vv localhost

WHAT I EXPECTED

Login should still work. It does in jaunty, and the FILES section of
the ssh man page makes no mention of restrictions on the home directory.
In fact, it talks about permissions on .ssh, which makes no sense if the
home directory is already more restricted.

WHAT HAPPENS

PublicKey authentication fails. The reason is given in /var/log/authlog
as the wrong permissions on the home directory.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New
--
PublicKey authentication fails because of onerous permission rules
https://bugs.launchpad.net/bugs/522373
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
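
An added example, not part of the original report and not OpenSSH code: a shell check over the three paths the report sets permissions on, approximating the test sshd applies when StrictModes is enabled (each path owned by the user or root, and not writable by group or other). The function names are hypothetical and GNU stat (coreutils) is assumed.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes ownership/mode test.
# Hypothetical helper names; requires GNU stat (stat -c).

# path_is_strict PATH UID
# Returns 0 if PATH is owned by UID or root and is not writable by
# group or other; returns 1 otherwise and prints the reason to stderr.
path_is_strict() {
    p=$1; want_uid=$2
    [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
    owner=$(stat -L -c %u "$p")   # numeric owner, symlinks followed
    mode=$(stat -L -c %a "$p")    # octal mode, e.g. 700 or 2770
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "bad owner (uid $owner): $p" >&2
        return 1
    fi
    # 022 = write bit for group and for other; leading 0 makes $mode octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group/other writable (mode $mode): $p" >&2
        return 1
    fi
    return 0
}

# audit_pubkey_path HOME [UID]
# Checks authorized_keys, ~/.ssh and the home directory itself.
# Returns 0 only if all three pass; every failing path is reported.
audit_pubkey_path() {
    home=$1; uid=${2:-$(id -u)}; rc=0
    for p in "$home/.ssh/authorized_keys" "$home/.ssh" "$home"; do
        path_is_strict "$p" "$uid" || rc=1
    done
    return $rc
}

# Stand-alone use: sh audit.sh /home/someuser [uid]
if [ $# -gt 0 ]; then
    audit_pubkey_path "$@"
fi
```

A home directory that is group readable but not group writable (for example after `chmod g+rx,g-w`) passes this check; one left at `g+rwx` does not.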