[follow-up/fix] openssh 2.5.2p2 not allowing RSA authentication

Carson Gaspar carson at taltos.org
Thu Apr 5 13:00:55 EST 2001



--On Wednesday, April 04, 2001 3:09 PM +0200 Jan Just Keijser 
<janjust at cisco.com> wrote:

> the stat() on $HOME/.ssh/authorized_keys fails, which the server needs to
> read to determine whether RSA authentications are allowed. My bet about
> what's happening is this:
>
> sshd runs as euid root, gid 0
> auth-rsa.c switches to euid janjust, but does not change the egid using
> setegid()
> euid janjust, gid 0 does *NOT* have access to the directory /local/home
> with permissions 750
> the stat() call walks down the path of the file and runs into this
> permission problem and bails out, even though the user would have access
> to directories and files below the troublesome /local/home directory.

Calling setegid is not necessarily enough. You really should call 
initgroups() before calling seteuid() if you want the same access as the 
user. If you revert to root's uid, you'll have to call initgroups() again.

-- 
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
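The ordering described in the reply above, as an added example (not code from OpenSSH or from either poster): the supplementary groups and egid are switched while the process is still root, then the euid, and the revert runs in the opposite order. The function names, the "not root" return code and the use of setgroups() with a saved list to put root's groups back (instead of a second initgroups() call) are assumptions of this sketch.

```c
#define _DEFAULT_SOURCE            /* initgroups()/setgroups() on glibc */
#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t saved_euid;
static gid_t saved_egid;
static gid_t saved_groups[NGROUPS_MAX];
static int saved_ngroups;
static int switched;               /* 1 while any id has been changed */

/* Return to the saved ids: euid first, so the group calls are permitted
 * again. A real daemon should treat a failure here as fatal. */
int restore_uid(void)
{
    if (!switched)
        return 0;
    if (seteuid(saved_euid) < 0 ||
        setgroups(saved_ngroups, saved_groups) < 0 ||
        setegid(saved_egid) < 0)
        return -1;
    switched = 0;
    return 0;
}

/* Take on pw's uid, gid and supplementary groups for file access checks.
 * Returns 0 on success, 1 if not running as root (nothing is switched),
 * -1 on error (ids are rolled back). */
int temporarily_use_uid(const struct passwd *pw)
{
    if (geteuid() != 0)
        return 1;
    saved_euid = geteuid();
    saved_egid = getegid();
    saved_ngroups = getgroups(NGROUPS_MAX, saved_groups);
    if (saved_ngroups < 0)
        return -1;
    /* Groups first: once euid is the user's, these calls are refused. */
    if (initgroups(pw->pw_name, pw->pw_gid) < 0)
        return -1;
    switched = 1;                  /* restore_uid() now has work to undo */
    if (setegid(pw->pw_gid) < 0 || seteuid(pw->pw_uid) < 0) {
        restore_uid();
        return -1;
    }
    return 0;
}
```

With only seteuid(), a stat() through a 750 directory is still evaluated against root's gid and group list, which is the failure described in the quoted message.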



More information about the openssh-unix-dev mailing list