On Wed, Oct 18, 2006 at 02:36:35PM -0400, Clem Taylor wrote:
[...]
> As part of this change, I need to create root's authorized_keys file
> at boot time. So now I have /root/.ssh/authorized_keys symlinked to
> /tmp/.ssh/authorized_keys.
>
> /tmp is 1777, but /tmp/.ssh is 0700. When I attempt to login using a
> key that is in authorized_keys, I get "sshd: Authentication refused:
> bad ownership or modes for directory /tmp". If I change the
> permissions of /tmp to 1755, then sshd will allow the login, but this
> causes problems for things not running as root that need to write to
> /tmp.

So, add another intermediary directory which is owned by root and 700,
i.e.:

  /tmp            1777
  /tmp/root       0700
  /tmp/root/.ssh  0700

Update your symlinks accordingly.

> It seems that sshd is finding the absolute path of the authorized_keys
> file and then stating the first path entry. I'm not quite sure why it
> is checking the top level directory and not the permissions of the
> directory that contains the authorized_keys.

Because ultimately the top level directory controls who will be able
to access the file, not the symlink or its parent.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
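
An added example, not part of the original message and not OpenSSH's code: a Python audit that resolves the symlink, then checks the key file and each directory above it for foreign ownership or group/world write bits, the kind of condition the quoted error reports. The rules, the `stop_at` parameter and the temporary demo layout are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_key_path(key_file, uid, stop_at="/"):
    """Return [(path, reason)] for each unsafe component, walking upward."""
    problems = []
    path = os.path.realpath(key_file)   # resolve symlinks to the real location
    stop = os.path.realpath(stop_at)    # assumed upper bound of the walk
    while True:
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
        elif mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "mode %04o is group/world-writable" % mode))
        parent = os.path.dirname(path)
        if path == stop or parent == path:   # reached the bound or "/"
            break
        path = parent
    return problems


def build_demo_layout():
    """Constructed layout mirroring the thread: tmp 1777, root 0700, .ssh 0700."""
    base = tempfile.mkdtemp()
    top = os.path.join(base, "tmp")
    ssh_dir = os.path.join(top, "root", ".ssh")
    os.makedirs(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    os.chmod(os.path.join(top, "root"), 0o700)
    os.chmod(top, 0o1777)
    key = os.path.join(ssh_dir, "authorized_keys")
    with open(key, "w") as fh:
        fh.write("# constructed placeholder, no real key\n")
    os.chmod(key, 0o600)
    link = os.path.join(base, "authorized_keys")   # stands in for the symlink
    os.symlink(key, link)
    return base, top, link


if __name__ == "__main__":
    base, top, link = build_demo_layout()
    me = os.getuid()
    # Walk bounded at the 0700 directory, then a walk that continues past it.
    print(audit_key_path(link, me, stop_at=os.path.join(top, "root")))
    print(audit_key_path(link, me, stop_at=base))
```

Run it against the real layout with `stop_at` left at `/` to list every component on the resolved path that a strict ownership and mode check could reject.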
