Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] Solved. Why? was: Re: [suse-security] Problems with OpenSSH after upgrading:private keys broken !
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Thu, 6 Dec 2001 20:40:31 +0100 (MET)
  • Message-id: <Pine.LNX.4.33.0112062038440.5122-100000@xxxxxxxxxxxx>
>
> I also tried removing the group w bit, then the user w bit - which
> caused the error to change to:
>
> Dec 6 12:47:03 fluorite sshd[32712]: Authentication refused: bad
> ownership or modes for directory /home/jw
>
> I have my home group writable, we all do for certain reasons. I removed
> the g+w bit and they key worked - I wasn't asked for a password.
>
> This is a SERIOUS problem - on our remote servers we have a certain use
> we all use at times that _has_ to have g+w. Is there a way to tell sshd
> to ignore the fact that ~ has the g+w bit?

There is: /etc/ssh/sshd_config, option "StrictModes". Turn it to "off".

I already have this stuff included into SuSE-SA:2001:045, re-release of
the openssh-announcement, with the UseLogin bug fixed. To be released in
20 minutes.


Roman.
--
- -
| Roman Drahtm├╝ller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE GmbH - Security Phone: // you need vision!"
| N├╝rnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -


< Previous Next >
References