Hi
We have detected a problem in sshd when trying to access user files in
order to authenticate a user via public key.
In our system, each unix group has a separate home directory with 0750
permissions owned by root.group, therefore a user can access his home
directory thanks to his group ownership.
After installing OpenSSH 2.3.0p1 on this system we noticed that public
key authentication only worked for root. After doing some debugging we
noticed that "user_dsa_key_allowed" (in auth2.c)
uses
"temporarily_use_uid" to access files in the home directory of
the
target user, this means that sshd tries to access
~/.ssh/authorized_keys2 as target_user.system (on AIX), not as
target_user.group as it should, as the home directory parent can't be
accessed with efective group "system", pubkey authentication
silently
fails.
It seems that setting also the effective group id will solve this
problem. It also would be nice to log the failed attempt to access to
~/.ssh/authorized_keys2, because putting sshd in debug level 3 says
nothing about te reason the user was not authenticated.
Tanks for developing this great product.
Best regards,
Juanjo
PS: Excuse my poor english.
--
Juan Jose Villaplana Querol villapla at si.uji.es
Computer Center
University Jaume I Castellon (SPAIN)
