sshd can't access user files
Juan Jose Villaplana Querol
villapla at si.uji.es
Mon Feb 5 19:59:04 EST 2001
Hi
We have detected a problem in sshd when trying to access user files in
order to authenticate a user via public key.
In our system, each unix group has a separate home directory with 0750
permissions owned by root.group, therefore a user can access his home
directory thanks to his group ownership.
After installing OpenSSH 2.3.0p1 on this system we noticed that public
key authentication only worked for root. After doing some debugging we
noticed that "user_dsa_key_allowed" (in auth2.c) uses
"temporarily_use_uid" to access files in the home directory of the
target user; this means that sshd tries to access
~/.ssh/authorized_keys2 as target_user.system (on AIX), not as
target_user.group as it should. As the home directory parent can't be
accessed with effective group "system", pubkey authentication silently
fails.
It seems that also setting the effective group id will solve this
problem. It also would be nice to log the failed attempt to access
~/.ssh/authorized_keys2, because putting sshd in debug level 3 says
nothing about the reason the user was not authenticated.
Thanks for developing this great product.
Best regards,
Juanjo
PS: Excuse my poor English.
--
Juan Jose Villaplana Querol villapla at si.uji.es
Computer Center
University Jaume I Castellon (SPAIN)
More information about the openssh-unix-dev
mailing list
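
The failure described in the message above, as an added example (not code from the post or from OpenSSH): a small model of the Unix permission check walked along the path to authorized_keys2, showing which component denies access when only the effective uid is switched. The numeric ids, the directory names and the modes other than the 0750 root.group parent are constructed assumptions.

```c
#include <stdio.h>
#include <sys/types.h>

/* Credentials the kernel checks: effective uid/gid plus supplementary groups. */
struct cred { uid_t euid; gid_t egid; const gid_t *groups; int ngroups; };
/* One path component with its owner, group and mode (constructed sample data). */
struct node { const char *name; uid_t uid; gid_t gid; mode_t mode; };

static int in_group(const struct cred *c, gid_t gid)
{
    if (c->egid == gid) return 1;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return 1;
    return 0;
}

/* Classic Unix check: exactly one class (owner, group, other) is consulted. */
static int permitted(const struct cred *c, const struct node *n, mode_t want)
{
    mode_t bits;
    if (c->euid == 0) return 1;               /* root bypasses read/search bits */
    if (c->euid == n->uid)        bits = (n->mode >> 6) & 7;
    else if (in_group(c, n->gid)) bits = (n->mode >> 3) & 7;
    else                          bits = n->mode & 7;
    return (bits & want) == want;
}

/* Search (x) is needed on every directory, read (r) on the final file.
 * Returns the index of the component that denies access, or -1 if readable. */
int first_denied(const struct cred *c, const struct node *path, int n)
{
    for (int i = 0; i < n; i++)
        if (!permitted(c, &path[i], i == n - 1 ? 4 : 1))
            return i;
    return -1;
}

/* Constructed ids: uid 1001 = target user, gid 200 = the user's group,
 * gid 0 = the group the daemon still has ("system" in the post). */
const struct node KEY_PATH[] = {
    { "/home/group",      0,    200, 0750 },  /* root.group parent, as in the post */
    { "user",             1001, 200, 0755 },
    { ".ssh",             1001, 200, 0700 },
    { "authorized_keys2", 1001, 200, 0600 },
};
const struct cred UID_ONLY    = { 1001, 0,   NULL, 0 };  /* euid switched only */
const struct cred UID_AND_GID = { 1001, 200, NULL, 0 };  /* euid and egid switched */

int main(void)
{
    int d = first_denied(&UID_ONLY, KEY_PATH, 4);
    printf("uid only:    %s\n", d < 0 ? "readable" : KEY_PATH[d].name);
    d = first_denied(&UID_AND_GID, KEY_PATH, 4);
    printf("uid and gid: %s\n", d < 0 ? "readable" : KEY_PATH[d].name);
    return 0;
}
```

Reporting the denying component, as first_denied does here, is the kind of diagnostic the message asks sshd to log.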