The following header lines retained to affect attribution:
|Date: Wed, 10 Feb 1999 12:43:02 -0500
|To: SSH Discussion <[EMAIL PROTECTED]>
|From: George McConnell <[EMAIL PROTECTED]>
|Subject: Re: SSH access denied because of bad $HOME permissions
|Cc: "Delius, Felix von" <[EMAIL PROTECTED]>

|At 08:58 AM 2/10/99 , you said something like....

|>is there an option to disable the permission check for the target users
|>$HOME directory?

|>What I want to do is to login with RSA-Authentication as root where root's
|>homedir is / with the following permissions:

|>      drwxrwxr-x  26 root     sys         1024 Feb 10 10:12 /

|>Feb 10 12:59:01 sshd[13573]: log: Rsa authentication refused for root: bad
|>modes for /

|the $HOME directory should not be world writable.

        According to what was posted, the $HOME directory of root,
        which is /, is not world writable.

|also, check the permissions on the ssh directory ($HOME/.ssh). the
|permissions on the directory should be 700.

        According to what was posted, ssh's complaint was about the
        / directory.  If the actual problem is with a file system
        object below the $HOME directory of the user, root, then
        I suggest that ssh be changed to give a more intelligible
        error message, one which more directly indicates the problem.

|the files inside the directory should be:

|-rw-r--r--   1 user   sysadmin    3142 Jan 29 19:18 authorized_keys
|-rw-------   1 user   sysadmin     383 Jan 29 11:05 config
|-rw-------   1 user   sysadmin     547 Jan 20 15:18 key
|-rw-r--r--   1 user   sysadmin     351 Jan 20 15:18 key.pub
|-rw-r--r--   1 user   sysadmin    6222 Feb  9 10:22 known_hosts
|-rw-------   1 user   sysadmin     512 Feb  9 10:22 random_seed

        Thank you for this useful information.  One of the problems
        that ssh has is a set of documentation which is quite opaque.

Randolph J. Herber, [EMAIL PROTECTED], +1 630 840 2966, CD/CDFTF PK-149F,
Mail Stop 318, Fermilab, Kirk & Pine Rds., PO Box 500, Batavia, IL 60510-0500,
USA.  (Speaking for myself and not for US, US DOE, FNAL nor URA.)  (Product,
trade, or service marks herein belong to their respective owners.)
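
An added example, not part of either message and not ssh's own code: a Python sketch of the mode check, assuming it mirrors OpenSSH's StrictModes (each path must be owned by the user or root and carry no group or other write bit). Under that assumption the `drwxrwxr-x` listing posted for `/` fails on the group-write bit even though it is not world writable; the helper names `mode_problem`, `audit` and `demo` are hypothetical.

```python
import os
import stat
import tempfile

def mode_problem(path, uid):
    """Return why `path` fails the check, or None if it passes or is absent."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    if st.st_uid not in (0, uid):
        return "owned by uid %d, not the user or root" % st.st_uid
    # 0o022 = group-write | other-write; either bit alone is a failure.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "bad modes %s (group- or world-writable)" % stat.filemode(st.st_mode)
    return None

def audit(home, uid):
    """Check $HOME, $HOME/.ssh and authorized_keys; return [(path, problem)]."""
    paths = [home,
             os.path.join(home, ".ssh"),
             os.path.join(home, ".ssh", "authorized_keys")]
    findings = []
    for p in paths:
        problem = mode_problem(p, uid)
        if problem:
            findings.append((p, problem))
    return findings

def demo():
    """Constructed sample: a scratch home directory with the modes from the thread."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o700)
        keys = os.path.join(ssh_dir, "authorized_keys")
        open(keys, "w").close()
        os.chmod(keys, 0o644)
        os.chmod(home, 0o775)      # drwxrwxr-x, as posted for /
        before = audit(home, uid)
        os.chmod(home, 0o755)      # drop group write only
        after = audit(home, uid)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for path, problem in before:
        print("refused:", path, "->", problem)
    print("after chmod g-w:", after or "no findings")
```

Running `audit` against a real account reports the first failing path by name, which is the more direct message asked for above.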
