Ryan Findley
2007-Jan-30 18:24 UTC
Verbose messaging about why public key auth was rejected
I had a small battle with public key authentication today at the end of which I realized that the problem was the permissions on my home directory (previously I thought ~/.ssh was all that mattered. You learn something new every day!). While I was trying to track this problem down, I used ssh -v and sshd -ddd to get as much information as possible about why my public key wasn't working, and neither mentioned that it was a simple permissions issue.

My question: is there a way to have ssh and/or sshd tell you WHY a public key is being rejected (specifically the permissions thing)? If so, can someone point me at a good document? I'm using OpenSSH 3.9p1 under RHEL4 (at the moment) and can upgrade if it's in a newer version.

If not, would the OpenSSH team consider adding this feature? I'm betting I could probably manage the changes necessary, and submit a patch...

Thanks,
-ryan findley
Matt Anderson
2007-Feb-03 05:51 UTC
Verbose messaging about why public key auth was rejected
On Tue, Jan 30, 2007 at 01:24:30PM -0500, Ryan Findley wrote:
> My question: is there a way to have ssh and/or sshd tell you WHY a
> public key is being rejected (specifically the permissions thing)?
> If so, can someone point me at a good document? I'm using OpenSSH
> 3.9p1 under RHEL4 (at the moment) and can upgrade if it's in a newer
> version.

With RHEL another area you could have run into problems is with SELinux contexts on the various files or directories. With some errors (such as those related to SSH's own paranoia) the cause might be more obvious than with others, such as EACCES. I think you'll find that giving good hints to the user will be difficult, and giving bad hints is more likely to send them off in the wrong direction.

-matt
Martin Schröder
2007-Feb-03 14:55 UTC
Verbose messaging about why public key auth was rejected
2007/1/30, Ryan Findley <ryan at neomindstudio.com>:
> My question: is there a way to have ssh and/or sshd tell you WHY a
> public key is being rejected (specifically the permissions thing)?
> If so, can someone point me at a good document? I'm using OpenSSH
> 3.9p1 under RHEL4 (at the moment) and can upgrade if it's in a newer
> version.

I've had good results with LogLevel VERBOSE.

Best
Martin
Damien Miller
2007-Feb-03 22:22 UTC
Verbose messaging about why public key auth was rejected
On Tue, 30 Jan 2007, Ryan Findley wrote:
> My question: is there a way to have ssh and/or sshd tell you WHY a
> public key is being rejected (specifically the permissions thing)?
> If so, can someone point me at a good document? I'm using OpenSSH
> 3.9p1 under RHEL4 (at the moment) and can upgrade if it's in a newer
> version.
> If not, would the OpenSSH team consider adding this feature? I'm
> betting I could probably manage the changes necessary, and submit a
> patch...

I don't think we want to tell the client exactly what is wrong wrt authorized_keys permissions. How do you know the client is not evil before you tell them that their authorized_keys is world-writable?

-d
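
Added example, not part of the thread and not OpenSSH code: a diagnostic to run locally on the server, which reports which component of the home directory, ~/.ssh, authorized_keys chain would fail an ownership and mode check of the kind sshd applies with StrictModes. The function name and message wording are assumptions, and unlike sshd it lists every failing component instead of stopping at the first.

```python
import os
import stat
import sys

def strictmodes_problems(keyfile, home, uid):
    """List ownership/mode problems on keyfile and each directory up to home.

    Hypothetical helper modeled on sshd's StrictModes-style check: every
    component must be owned by the user or root and must not be group- or
    world-writable. Unlike sshd, it collects all failures.
    """
    problems = []
    home = os.path.realpath(home)
    cur = os.path.realpath(keyfile)
    kind = "file"
    while True:
        try:
            st = os.stat(cur)
        except OSError as e:
            # EACCES here can also come from a MAC policy such as SELinux
            problems.append(f"{kind} {cur}: cannot stat ({e.strerror})")
            break
        if kind == "file" and not stat.S_ISREG(st.st_mode):
            problems.append(f"{kind} {cur}: not a regular file")
        if st.st_uid not in (0, uid):
            problems.append(f"{kind} {cur}: owner uid {st.st_uid}, want {uid} or 0")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{kind} {cur}: mode {mode:04o} is group/world-writable")
        parent = os.path.dirname(cur)
        if cur == home or parent == cur:  # reached home or the filesystem root
            break
        cur, kind = parent, "directory"
    return problems

if __name__ == "__main__":
    home = os.path.expanduser("~")
    default = os.path.join(home, ".ssh", "authorized_keys")
    keyfile = sys.argv[1] if len(sys.argv) > 1 else default
    found = strictmodes_problems(keyfile, home, os.getuid())
    print("\n".join(found) if found else "no ownership/mode problems found")
    sys.exit(1 if found else 0)
```

Because it runs as the account owner on the server, the detail stays local and nothing extra is disclosed to a connecting client.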