Issue #1629 has been updated by jamtur01.

Status changed from Re-opened to Closed

Pushed in commit:"8a671e528e2d024f19c22e0381c3dc135d32884b" in branch 0.24.x

----------------------------------------
Bug #1629: incorrect permissions on ssh_authorized_keys created files
http://projects.reductivelabs.com/issues/1629

Author: mfournier
Status: Closed
Priority: Normal
Assigned to: jamtur01
Category: ssh
Target version: 0.24.8
Complexity: Unknown
Affected version: 0.24.5
Keywords: ssh authorized_keys mode permission

When setting the "target" parameter to something outside the user's home (e.g. /etc/ssh/authorized_key/${username}.pub), the file containing the public keys is owned by root with mode 0600. During ssh login, sshd changes its process uid before reading the authorized keys file and therefore key-based login fails because sshd can't read this file owned and readable only by root.

When changing file mode to 0644 or changing the file owner to the target user, key-based login works as expected.

The idea behind this is to be able to have root-owned authorized keys files to prevent users from putting more than their own key in their account keyring.

Maybe we should have an additional boolean parameter which would let the admin define if the key files can be editable by the user or not.
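
The permission behaviour described in the report, as an added example (not part of the original notification and not Puppet's own code): a Ruby check that tells whether the account sshd switches to can read an authorized keys file and whether that account could edit it. The function names, the uid 1001 and the sample modes are assumptions made for illustration.

```ruby
require 'etc'

# Added example. Works on stat-like values so it can be checked without root.
# POSIX picks exactly one permission class: owner, else group, else other.
def perm_bits(mode, file_uid, file_gid, uid, gids)
  return (mode >> 6) & 7 if uid == file_uid
  return (mode >> 3) & 7 if gids.include?(file_gid)
  mode & 7
end

# uid/gids: the identity sshd assumes before it reads the file (the login user).
def assess_keyfile(mode:, file_uid:, file_gid:, uid:, gids:)
  bits = perm_bits(mode, file_uid, file_gid, uid, gids)
  readable = uid.zero? || (bits & 4) != 0
  # An owner can always chmod the file back to writable, so ownership counts.
  user_editable = uid.zero? || uid == file_uid || (bits & 2) != 0
  verdict =
    if !readable then :login_fails           # the case reported in the bug
    elsif user_editable then :user_can_add_keys
    else :locked_and_usable                  # e.g. root-owned, mode 0644
    end
  { readable: readable, user_editable: user_editable, verdict: verdict }
end

# Convenience wrapper for a real path and account name on the local system.
def assess_path(path, username)
  st = File.stat(path)
  pw = Etc.getpwnam(username)
  gids = [pw.gid]
  Etc.group { |g| gids << g.gid if g.mem.include?(username) }
  assess_keyfile(mode: st.mode & 0o7777, file_uid: st.uid, file_gid: st.gid,
                 uid: pw.uid, gids: gids.uniq)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: login user uid 1001, key file owned by root (0:0).
  { 0o600 => 'root 0600', 0o644 => 'root 0644' }.each do |mode, label|
    r = assess_keyfile(mode: mode, file_uid: 0, file_gid: 0, uid: 1001, gids: [1001])
    puts "#{label}: #{r[:verdict]}"
  end
end
```

The check looks at the file only; a user who can write to the directory that contains it can still replace the file, so the directory needs the same review.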
