Issue #1629 has been reported by mfournier.
----------------------------------------
Bug #1629: incorrect permissions on ssh_authorized_keys created files
http://projects.reductivelabs.com/issues/show/1629
Author: mfournier
Status: Unreviewed
Priority: Normal
Assigned to: ctrlaltdel
Category: ssh
Target version:
Complexity: Unknown
Affected version: 0.24.5
Keywords: ssh authorized_keys mode permission
When setting the "target" parameter to something outside the user's home (e.g.
/etc/ssh/authorized_key/${username}.pub), the file containing the public keys
is owned by root with mode 0600.
During ssh login, sshd changes its process uid before reading the authorized
keys file and therefore key-based login fails because sshd can't read this file
owned and readable only by root.
When changing file mode to 0644 or changing the file owner to the target user,
key-based login works as expected.
The idea behind this is to be able to have root-owned authorized keys files to
prevent users from putting more than their own key in their account keyring.
Maybe we should have an additional boolean parameter which would let the admin
define if the key files can be editable by the user or not.
----------------------------------------
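The three ownership/mode states described in the report, as an added example that is not part of the original report or of Puppet's code. The function names and verdict strings are hypothetical, and the check assumes plain POSIX mode bits (no ACLs) and a non-root target user.

```python
import os
import pwd
import stat


def access_bits(st_uid, st_gid, st_mode, uid, gids):
    """Return (can_read, can_write) for a non-root uid using owner/group/other rules."""
    if uid == st_uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif st_gid in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return bool(st_mode & r), bool(st_mode & w)


def classify(st_uid, st_gid, st_mode, uid, gids):
    """Map a key file's ownership and mode to the outcome seen at login time."""
    can_read, can_write = access_bits(st_uid, st_gid, st_mode, uid, gids)
    if not can_read:
        # sshd has already switched to the user's uid, so it cannot read the keys
        return "login-fails"
    if can_write:
        # login works, but the user can add keys to the file
        return "user-editable"
    # readable by the user, writable only by someone else (e.g. root, mode 0644)
    return "locked"


def audit(path, username):
    """Classify a real authorized keys file for the given account."""
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    st = os.stat(path)
    return classify(st.st_uid, st.st_gid, st.st_mode, pw.pw_uid, gids)


if __name__ == "__main__":
    # Constructed cases: target user has uid/gid 1000, files are regular files.
    cases = [
        ("root:root 0600", 0, 0, 0o100600),
        ("root:root 0644", 0, 0, 0o100644),
        ("user:user 0600", 1000, 1000, 0o100600),
    ]
    for label, fuid, fgid, mode in cases:
        print(label, "->", classify(fuid, fgid, mode, 1000, {1000}))
```
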