search for: secure_filenam

...192.168.1.1 port 1199 ssh2 debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug1: trying public key file //.ssh/authorized_keys debug3: secure_filename: checking '/.ssh' debug3: secure_filename: checking '' Authentication refused: bad ownership or modes for directory debug1: trying public key file //.ssh/authorized_keys2 debug3: secure_filename: checking '/.ssh' debug3: secure_filename: checking '' Authentication r...

My colleagues and I believe we have found a problem in the auth.c:secure_filename() code which causes it to be more aggressive than intended. We first noticed the problem in OpenSSH-2.9.9. secure_filename() comments that the loop walking up the directory components stops if it is past the home directory. However, the filename argument to the function is canonicalized with r...

...turn (0); - } - /* Open the file containing the authorized keys. */ - f = fopen(file, "r"); + f = open_keyfile(file, pw, options.strict_modes); if (!f) { - /* Restore the privileged uid. */ - restore_uid(); - xfree(file); - return (0); - } - if (options.strict_modes && - secure_filename(f, file, pw, line, sizeof(line)) != 0) { - xfree(file); - fclose(f); - logit("Authentication refused: %s", line); + xfree(file); restore_uid(); return (0); } === modified file 'auth.c' --- auth.c 2007-07-30 09:54:36 +0000 +++ auth.c 2007-08-02 12:03:02 +0000 @@ -397,...

I've discovered a problem with OpenSSH 2.9.9p2 under Solaris 2.5.1 . In auth.c, secure_filename() walks upwards toward the user's home directory or the filesystem root, verifying that no directories along the way are group or world writable. Solaris 2.5.1's dirname() function has a bug where dirname("/.ssh") returns an empty string instead of "/". This causes se...

http://bugzilla.mindrot.org/show_bug.cgi?id=165 ------- Additional Comments From markus at openbsd.org 2002-03-17 04:31 ------- never seen this. what does sshd -ddd say? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...192.168.1.1 port 1199 ssh2 debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug1: trying public key file //.ssh/authorized_keys debug3: secure_filename: checking '/.ssh' debug3: secure_filename: checking '' Authentication refused: bad ownership or modes for directory debug1: trying public key file //.ssh/authorized_keys2 debug3: secure_filename: checking '/.ssh' debug3: secure_filename: checking '' Authentication r...

Hello, After upgrading OpenSSH to 2.9.9p2, I've found some troubles on public key authentication with an sshd working at Solaris 2.5.1 machine. The server failed to validate the user's path in auth.c:secure_filename(). There were actually two reasons for the trouble: 1. the "realpath" of pw->pw_dir (that realpath() would return) was different from pw->pw_dir itself. Thus, comparing the directory name to each directory in the for loop of the function never succeeded. 2. Our Solaris...

Is there a way to tell the sshd to ignore the security check on the user's home permissions? debug3: secure_filename: checking '/ftpdata/pxdata/pold/data/.ssh' debug3: secure_filename: checking '/ftpdata/pxdata/pold/data' Authentication refused: bad ownership or modes for directory /ftpdata/pxdata/fold/data debug1: restore_uid debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss Failed publicke...

..._allowed entering debug3: mm_request_send entering: type 20 debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x809ae28 debug1: temporarily_use_uid: 0/0 (e=0) debug1: trying public key file /root/.ssh/authorized_keys debug3: secure_filename: checking '/root/.ssh' debug3: secure_filename: checking '/root' debug3: secure_filename: terminating check at '/root' debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: no key found debug2: user_key_allowed: check options: '-----BEGIN R...

http://bugzilla.mindrot.org/show_bug.cgi?id=333 ------- Additional Comments From stevesk at pobox.com 2002-07-04 05:41 ------- i will guess configure did not find an xauth when it was built ($PATH is irrelevant here). please verify. see $HOME/.ssh/rc example in sshd.8 which can be used as a workaround in this case. djm: autoconf-2.53 exposes a bug for xauth path detection. ------- You

...ser hendl service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug1: temporarily_use_uid: 2004/2000 (e=0/1) debug1: trying public key file /home/hendl/.ssh/authorized_keys debug3: secure_filename: checking '/home/hendl/.ssh' debug3: secure_filename: checking '/home/hendl' debug3: secure_filename: terminating check at '/home/hendl' debug1: matching key found: file /home/hendl/.ssh/authorized_keys, line 1 Found matching RSA key: 03:89:90:ee:9e:a9:2c:d1:00:6a:75:89:b7:...

...e 21 debug3: entering debug3: entering debug3: : key_from_blob: 4002f8a0 debug1: temporarily_use_uid: 0/3 (e=0/3) debug1: trying public key file //.ssh/authorized_keys debug1: restore_uid: 0/3 debug1: temporarily_use_uid: 0/3 (e=0/3) debug1: trying public key file //.ssh/authorized_keys2 debug3: secure_filename: checking '/.ssh' debug3: secure_filename: checking '/' debug3: secure_filename: terminating check at '/' debug1: matching key found: file //.ssh/authorized_keys2, line 1 Found matching DSA key: be:ca:c4:c5:ad:b3:4a:7c:42:c1:2d:3e:7e:30:91:e5 debug1: restore_uid: 0/3 debug3...

Hello All, I'm getting a peculiar error can you guys tell me what I need? debug1: restore_uid debug2: key not found debug1: temporarily_use_uid: 210/1 (e=0) debug1: trying public key file /home/applmgr/.ssh/authorized_keys2 debug3: secure_filename: checking '/home/applmgr/.ssh' debug3: secure_filename: checking '/home/applmgr' debug3: secure_filename: terminating check at '/home/applmgr' debug1: matching key found: file /home/applmgr/.ssh/authorized_keys2, line 1 Found matching DSA key: 0b:3a:2a:ff:38:56:e6:26:d8:20:...

...ntering: type 22 debug3: mm_request_receive entering debug3: monitor_read: checking request 21 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x7f8a5c7aaf20 debug1: temporarily_use_uid: 0/0 (e=0/0) debug1: trying public key file /root/.ssh/authorized_keys debug3: secure_filename: checking '/root/.ssh' debug3: secure_filename: checking '/root' debug3: secure_filename: terminating check at '/root' debug3: key_read: type mismatch debug2: user_key_allowed: check options: 'ssh-dss **deleted**' debug2: key_type_from_name: unknown key type '**...

...wed entering debug3: mm_request_send entering: type 20 debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x8098168 debug1: temporarily_use_uid: 0/0 (e=0/0) debug1: trying public key file /etc/ssh/authorized_keys.root debug3: secure_filename: checking '/etc/ssh' debug3: secure_filename: checking '/etc' debug3: secure_filename: checking '/' buffer_get_bignum2: negative numbers not supported debug1: do_cleanup debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering:...

http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From bugzilla-openssh at thewrittenword.com 2002-06-26 01:20 ------- Are you sure? I have 3.3p1 running on 4.0D and 5.1 and I can connect as non-root. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...ering: type 21 debug3: mm_request_receive entering debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 99468 debug1: temporarily_use_uid: 12345/10 (e=0/0) debug1: trying public key file /tmp/testme/.ssh/authorized_keys debug3: secure_filename: checking '/tmp/testme/.ssh' debug3: secure_filename: checking '/tmp/testme' debug3: secure_filename: terminating check at '/tmp/testme' debug1: matching key found: file /tmp/testme/.ssh/authorized_keys, line 1 Found matching RSA key: 42:1b:5b:46:12:a2:78:4d:7c:fc:b8:5a:a5:...

...nto /home/test/.ssh/authorized_keys 4) Set acl on /home/test like "setfacl -m u:test:rwx /home/test" 5) Try to login as test on remote host via ssh Results: PubkeyAuthentication failed. sshd error message: "debug1: trying public key file /home/test/.ssh/authorized_keys debug3: secure_filename: checking '/home/test/.ssh' debug3: secure_filename: checking '/home/test' Authentication refused: bad ownership or modes for directory /home/test" ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

today I've got a strange error on a AIX 4.3 box (OpenSSH 3.1p1) secure_filename() fails with "realpath /users/fmohr/.ssh/authorized_keys failed: Permission denied" in a (realy special) case: - /users/fmohr/ is mounted by the automounter - the directory is exported via a dfs/nfs gateway - StrictModes is set to yes it works if the mounted directory is directly expor...

...0:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 999/1002 (e=0/0) Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug1: trying public key file /home/testuser/.ssh/authorized_keys2 Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug3: secure_filename: checking '/home/testuser/.ssh' Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug3: secure_filename: checking '/home/testuser' Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug3: secure_filename: terminating check at '/home/testuser' Nov...