
ssh public key authentication

ryz
Posts: 183
Joined: 12 Feb 2009, 06:03

Re: ssh public key authentication

Post by ryz »

There is a setting in the SSH server that tells it to check for healthy permissions on the user's home folder for the user that tries to log in with a public key. I think it is the StrictModes yes in the file /etc/ssh/sshd_config. You could change that to no and then reconfigure the ssh server with

Code:

/etc/init.d/ssh reload

SSH does not know if the group that the home folder has is only accessible by the user and that it will stay so. If any other user has write permission to the /home/press folder that user can change the /home/press/.ssh folder and hence put its own public key there and then log in as the user press.

Bubba is not set up to have a single primary group for each user. All users share the same primary group.
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: ssh public key authentication

Post by Ubi »

ryz wrote: I think it is the StrictModes yes in the file /etc/ssh/sshd_config. You could change that to no and then reconfigure the ssh server with

Code:

/etc/init.d/ssh reload

Well... yes you can.
But would you really want to? Or would you want to recommend this to other users? I'd say the first "S" of SSH is to be taken seriously, and in this forum we should help people create a secure and reliable working environment, rather than suggesting workarounds that disable important security measures.
Pressurized
Posts: 53
Joined: 11 Jun 2007, 17:12
Location: East of England

Re: ssh public key authentication

Post by Pressurized »

ryz wrote: ...SSH does not know if the group that the home folder has is only accessible by the user and that it will stay so. If any other user has write permission to the /home/press folder that user can change the /home/press/.ssh folder and hence put its own public key there and then log in as the user press. Bubba is not set up to have a single primary group for each user. All users share the same primary group.
Exactly right. Even though my network would be pretty secure in the circumstance, it is better not to weaken the fundamental security the distro offers:
ubi wrote: But would you really want to? Or would you want to recommend this to other users? I'd say the first "S" of SSH is to be taken seriously, and in this forum we should help people create a secure and reliable working environment, rather than suggesting workarounds that disable important security measures.
But I appreciate knowing about the option even so.
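
An added example, not part of the thread or of any poster's setup: a shell check that approximates what StrictModes enforces (owner is the user or root, no group or world write) on the home folder, .ssh and authorized_keys, so the permissions can be corrected while StrictModes stays on. The function names and the sample tree under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Approximation of the StrictModes permission test (added example).

# check_path UID PATH: report and return 1 if PATH has unsafe owner or mode.
check_path() {
    want_uid=$1 path=$2 rc=0
    [ -e "$path" ] || return 0          # nothing to check if it does not exist
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid
    mode=$(ls -ldn "$path" | awk '{print $1}')
    owner=$(ls -ldn "$path" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "FAIL $path: owned by uid $owner"; rc=1
    fi
    # character 6 of the mode string is group write, character 9 is other write
    case $mode in ?????w*) echo "FAIL $path: group-writable ($mode)"; rc=1 ;; esac
    case $mode in ????????w*) echo "FAIL $path: world-writable ($mode)"; rc=1 ;; esac
    return $rc
}

# strictmodes_audit UID HOME: 0 only if home, .ssh and authorized_keys all pass.
strictmodes_audit() {
    uid=$1 home=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$uid" "$p" || bad=1
    done
    return $bad
}

# Constructed sample: a home folder left group-writable, then corrected.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/press/.ssh" && : > "$d/press/.ssh/authorized_keys"
    chmod 700 "$d/press/.ssh"; chmod 600 "$d/press/.ssh/authorized_keys"
    chmod 775 "$d/press"                # writable by the shared primary group
    strictmodes_audit "$(id -u)" "$d/press" || echo "-> StrictModes would reject this"
    chmod g-w "$d/press"                # remove group write instead of disabling the check
    strictmodes_audit "$(id -u)" "$d/press" && echo "-> permissions pass"
    rm -rf "$d"
}
demo
```

On a real system the call would be strictmodes_audit "$(id -u press)" /home/press, run as root or as the user.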