| Subject: | authorized_keys in /tmp/.ssh? |
|---|---|
| Date: | Wed, 18 Oct 2006 14:36:35 -0400 |

Hi,

I'm working on an embedded Linux system that has a read-only jffs2 root file system. /tmp is a tmpfs file system for files that need to be writable. Anything that needs writable files is symlinked to /tmp.

The only way to connect to the machine is via openssh. Right now we use a mixture of password and public key authorization and I'm trying to remove the password based auth. As part of this change, I need to create root's authorized_keys file at boot time. So now I have /root/.ssh/authorized_keys symlinked to /tmp/.ssh/authorized_keys.

/tmp is 1777, but /tmp/.ssh is 0700. When I attempt to log in using a key that is in authorized_keys, I get "sshd: Authentication refused: bad ownership or modes for directory /tmp". If I change the permissions of /tmp to 1755, then sshd will allow the login, but this causes problems for things not running as root that need to write to /tmp.

It seems that sshd is finding the absolute path of the authorized_keys file and then stating the first path entry. I'm not quite sure why it is checking the top level directory and not the permissions of the directory that contains the authorized_keys.

I'd rather avoid having to separate tmpfs filesystems, so is there an easy way to work around this problem? I'm using OpenSSH_3.9p1 and OpenSSL 0.9.7e.

Thanks,
Clem
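
A model of the ownership-and-mode walk behind the error quoted in the post, added here as an illustration; it is not part of the original message and is not OpenSSH's own code. It resolves symlinks first, then checks the key file and each parent directory up to the home directory or `/`, which is why a key symlinked into a 1777 directory is refused. The function name, the sandbox layout and the file `authorized_keys.local` are assumptions made for the demo.

```python
import os
import stat
import tempfile


def strict_modes_failure(keyfile, uid, home):
    """Return None if the path passes, else a message naming the failing component.

    Modelled rule: the key file and every ancestor directory of its resolved
    path must be owned by `uid` or root and must not be group/other-writable.
    The upward walk ends at the user's home directory or at "/".
    """
    path, home = os.path.realpath(keyfile), os.path.realpath(home)  # symlinks resolved first
    kind = "file"
    while True:
        try:
            st = os.stat(path)
        except OSError as exc:
            return f"cannot stat {path}: {exc.strerror}"
        if st.st_uid not in (0, uid) or st.st_mode & 0o022:
            return f"bad ownership or modes for {kind} {path} (mode {stat.S_IMODE(st.st_mode):04o})"
        if kind == "directory" and path in (home, "/"):
            return None
        path, kind = os.path.dirname(path), "directory"  # step up one component


def demo():
    """Constructed sandbox: 'root' stands in for /root, 'tmp' for the 1777 tmpfs."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        home, tmp = os.path.join(base, "root"), os.path.join(base, "tmp")
        for top, mode in ((home, 0o700), (tmp, 0o1777)):
            os.makedirs(os.path.join(top, ".ssh"))
            os.chmod(os.path.join(top, ".ssh"), 0o700)
            os.chmod(top, mode)
        real = os.path.join(tmp, ".ssh", "authorized_keys")
        link = os.path.join(home, ".ssh", "authorized_keys")         # symlink, as in the post
        local = os.path.join(home, ".ssh", "authorized_keys.local")  # hypothetical real file
        for f in (real, local):
            open(f, "w").close()
            os.chmod(f, 0o600)
        os.symlink(real, link)
        uid = os.getuid()
        return tmp, strict_modes_failure(link, uid, home), strict_modes_failure(local, uid, home)


if __name__ == "__main__":
    print(demo())
```

The symlinked key fails at the world-writable directory even though its own `.ssh` is 0700, because the resolved path never passes through the home directory; the file that really lives under the home directory passes.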