SSH StrictModes does not work correctly
Bug #954620 reported by
Frank
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
When StrictModes is set to yes in /etc/ssh/
This is happening on a fresh install of Ubuntu Server 11.10 64-bit.
frank@localhost:~$ lsb_release -rd
Description: Ubuntu 11.10
Release: 11.10
frank@localhost:~$ apt-cache policy openssh-server
openssh-server:
Installed: 1:5.8p1-7ubuntu1
Candidate: 1:5.8p1-7ubuntu1
Version table:
*** 1:5.8p1-7ubuntu1 0
500 http://
100 /var/lib/
security vulnerability: | yes → no |
security vulnerability: | yes → no |
visibility: | private → public |
visibility: | private → public |
Changed in openssh (Ubuntu): | |
importance: | Undecided → Medium |
To post a comment you must log in.
@Frank: does your home belong to your own per-user group? If so, StrictMode=yes might notice that and still allow login. In my case:
christian@alice$ ls -ld $HOME
drwx------ 24 christian christian 20480 Jul 23 03:44 /home/christian
=> Now, setting $HOME to 0720 will still allow login with public keys. But changing the ownership to e.g. ":users" makes StrictMode work.
Note that sshd_config defines "StrictModes" only as "specifies whether sshd(8) should check file modes and ownership of the user's files and home directory before accepting login." - i.e. there's no mention what exactly is "checked". The source may be helpful on that.