[Bug 2364] New: Incorrect .ssh parent directory permissions not logged
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Mar 12 04:05:31 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2364
Bug ID: 2364
Summary: Incorrect .ssh parent directory permissions not logged
Product: Portable OpenSSH
Version: 6.6p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: murph.murphy at oracle.com
Created attachment 2566
--> https://bugzilla.mindrot.org/attachment.cgi?id=2566&action=edit
Output of ssh -v
Overview
Attempting to ssh (using a key) into a machine that has correct .ssh
folder permissions but incorrect home directory permissions results
in
unexpected behaviour. Instead of logging a message about incorrect
permissions, it logs attempts to try keyfiles that don't exist
interspersed with messages about which auth methods can continue.
Steps to Reproduce
1) Set up (rsa) keys between client and server normally.
2) Set server home directory to world writable.
3) Attempt to ssh to the server.
Expected Results
Fails to password, but prints a line in the verbose output about the
reason being incorrect .ssh parent folder permissions.
Actual Results
Asks for a password to log in. Verbose mode shows that it is trying a
several keys that both exist and don't exist, printing a message
about what auth modes are allowed, but no information about incorrect
permissions.
Versioning
Server
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Client
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
The exact same problem occurs between two machines on
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 as well.
Additional Information
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list