PublicKey authentication fails because of onerous permission rules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) | Expired | Medium | Unassigned | | |
Bug Description
The required permissions are now too strict. It is not possible to log in using the PublicKey method if the home directory is group readable.
WHAT I DID
Install openssh-server and openssh-client. Create a new account. Log in to the account and create a PublicKey
ssh-keygen -t rsa
Copy the PublicKey to the authorized keys list
cat ~/.ssh/id_rsa.pub > .ssh/authorized
Set the permissions along the path
chmod u+rwx,go-rwx ~/
chmod u+rwx,go-rwx ~/.ssh
chmod u+rw,go-rwx ~/.ssh/
Start the ssh authentication agent, and add the new key
eval `/usr/bin/ssh-agent -s`
ssh-add
Log in to the account via ssh
ssh -vv localhost
Log out.
WHAT HAPPENS
Everything works as expected
WHAT I DID NEXT
Change the permission on just the home folder.
chmod g+rwx ~/
Log in to the account via ssh
ssh -vv localhost
WHAT I EXPECTED
Login should still work. It does in jaunty, and the FILES section of the ssh man page makes no mention of restrictions on the home directory. In fact, it talks about permissions on .ssh, which makes no sense if the home directory is already more restricted.
WHAT HAPPENS
PublicKey authentication fails. The reason is given in /var/log/authlog as the wrong permissions on the home directory.
Which version are you using?
Regards
chuck
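A simplified model of the ownership-and-mode walk that sshd applies to the key file's path when StrictModes is enabled, added here as an illustration (it is not code from this report or from OpenSSH). It walks from the key file up to the home directory and flags any component that is not owned by the user or root, or that is writable by group or others; the temporary directory tree and the function names are constructed for the example, and `authorized_keys` is the OpenSSH default file name.

```python
import os
import stat
import tempfile


def strict_modes_problems(key_file, home, uid):
    """Return (path, reason) for every component a StrictModes-style check rejects."""
    problems = []
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            problems.append((path, "not owned by user or root"))
        if st.st_mode & 0o022:  # group-write or other-write bit set
            mode = stat.S_IMODE(st.st_mode)
            problems.append((path, "group/world writable (%o)" % mode))
        if path == home:
            break  # the home directory is the last component checked
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root without meeting home
            break
        path = parent
    return problems


def demo():
    """Rebuild the report's layout in a temporary (constructed) home directory."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        open(keys, "w").close()
        os.chmod(ssh_dir, 0o700)
        os.chmod(keys, 0o600)
        # 0700: after "chmod u+rwx,go-rwx ~/"; 0770: after "chmod g+rwx ~/";
        # 0750: group read/execute only, no group write.
        for label, mode in (("0700", 0o700), ("0770", 0o770), ("0750", 0o750)):
            os.chmod(home, mode)
            results[label] = strict_modes_problems(keys, home, uid)
        os.chmod(home, 0o700)  # restore so cleanup can proceed
    return results


if __name__ == "__main__":
    for label, found in demo().items():
        print(label, found or "ok")
```

In this model only the 0770 home directory is flagged: the group-write bit added by `chmod g+rwx ~/` is what trips the check, while group read and execute alone (0750) pass.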