This issue has probably been brought up before, but I'll mention it anyway.
I just downloaded and built openssh 3.9p1 on Solaris 8. In my
environment, I have two root accounts. The normal one and an alternate
one (rjohn - uid 0) with its own home directory (/export/home/rjohn).
After building and installing openssh, I was having trouble getting my
RSA authentication to work. In investigating it, I noticed that it was
attempting to use /.ssh/id_rsa.pub as my public key file instead of
/export/home/rjohn/.ssh/id_rsa.pub. Digging a little deeper, I found
that, in the client modules ssh.c and tildexpand.c, it uses the call
getpwuid(uid) as the basis for determining what the user's home
directory is. In my case, this resolves to / instead of /export/home/rjohn.
Wouldn't it be more appropriate to use something like
getpwnam(getenv("LOGNAME")) instead? Since the login program itself (in
both Linux and Solaris) sets LOGNAME, it's a reasonably safe assumption
that it will get set correctly. Even if it's not set, the program could
check that there's a value in LOGNAME, and if there isn't, fall back to
using getpwuid. The login program (in both Linux and Solaris) uses
getpwnam and not getpwuid to retrieve the passwd information. The
getpwuid call just looks at the first password entry that has that uid,
which may not be the one you're looking for. Any thoughts ?
Please respond directly.
Thanks,
John
--
John Cecere
Sun Microsystems
732-302-3922 / john.cecere at sun.com

On Tue, 30 Nov 2004, John Cecere wrote:
> This issue has probably been brought up before, but I'll mention it anyway.
>
> I just downloaded and built openssh 3.9p1 on Solaris 8. In my
> environment, I have two root accounts. The normal one and an alternate
> one (rjohn - uid 0) with its own home directory (/export/home/rjohn).
> After building and installing openssh, I was having trouble getting my
> RSA authentication to work. In investigating it, I noticed that it was
> attempting to use /.ssh/id_rsa.pub as my public key file instead of
> /export/home/rjohn/.ssh/id_rsa.pub. Digging a little deeper, I found
> that, in the client modules ssh.c and tildexpand.c, it uses the call
> getpwuid(uid) as the basis for determining what the user's home
> directory is. In my case, this resolves to / instead of /export/home/rjohn.
>
> Wouldn't it be more appropriate to use something like
> getpwnam(getenv("LOGNAME")) instead ? Since the login program itself (in
> both Linux and Solaris) sets LOGNAME, it's a reasonably safe assumption
> that it will get set correctly. Even if it's not set, the program could

We don't call /sbin/login by default. Therefore who would set it?

- Ben

John Cecere wrote:
> Please respond directly.
> [...]
> After building and installing openssh, I was having trouble getting my
> RSA authentication to work. In investigating it, I noticed that it was
> attempting to use /.ssh/id_rsa.pub as my public key file instead of
> /export/home/rjohn/.ssh/id_rsa.pub.

Confused here. Do you mean id_rsa or id_rsa.pub? I would have expected
you to say id_rsa here and not the .pub file.

> Wouldn't it be more appropriate to use something like
> getpwnam(getenv("LOGNAME")) instead ?

That would definitely break a lot of my scripts. We also have multiple
root users here. But we rely upon the fact that the file
~root/.ssh/id_rsa is the one and only root identity file.

Wouldn't it be reasonable to use the -i option?

  ssh -i ~bob/.ssh/id_rsa somehost ...

That allows you to use whatever identity file you wish to use.

> Since the login program itself (in both Linux and Solaris) sets
> LOGNAME, it's a reasonably safe assumption that it will get set
> correctly.

Some systems say LOGNAME. Some systems say USER.

Bob
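
The lookup difference discussed in this thread, as an added example that is not part of any message above and is not OpenSSH code: it models getpwuid() and getpwnam() over a constructed passwd table holding the two uid-0 accounts described, and honours LOGNAME only when the named account's uid equals the caller's uid. The table contents, the `bob` entry, the `resolve_home` name and the uid check are assumptions added for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed passwd table modelling the thread's setup: two uid-0 accounts. */
struct entry { const char *name; uid_t uid; const char *dir; };
static const struct entry table[] = {
    { "root",  0,    "/" },
    { "rjohn", 0,    "/export/home/rjohn" },
    { "bob",   1001, "/export/home/bob" },   /* hypothetical non-root user */
};
#define NENT (sizeof table / sizeof table[0])

/* Like getpwuid(): the first entry with a matching uid wins. */
static const struct entry *by_uid(uid_t uid) {
    for (size_t i = 0; i < NENT; i++)
        if (table[i].uid == uid) return &table[i];
    return NULL;
}

/* Like getpwnam(): exact match on the login name. */
static const struct entry *by_name(const char *name) {
    for (size_t i = 0; i < NENT; i++)
        if (strcmp(table[i].name, name) == 0) return &table[i];
    return NULL;
}

/*
 * Home directory for the invoking user. logname is the LOGNAME value
 * (NULL if unset). It is honoured only if it names an account whose uid
 * equals the real uid; otherwise fall back to the uid lookup.
 */
const char *resolve_home(const char *logname, uid_t uid) {
    const struct entry *e = NULL;
    if (logname != NULL && *logname != '\0')
        e = by_name(logname);
    if (e == NULL || e->uid != uid)
        e = by_uid(uid);
    return e ? e->dir : NULL;
}

int main(void) {
    printf("uid 0, LOGNAME unset:   %s\n", resolve_home(NULL, 0));
    printf("uid 0, LOGNAME=rjohn:   %s\n", resolve_home("rjohn", 0));
    printf("uid 1001, LOGNAME=root: %s\n", resolve_home("root", 1001));
    return 0;
}
```

The third call shows why the uid comparison matters: LOGNAME comes from the caller's environment, so a name that maps to a different uid is ignored and the uid lookup decides.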