sshd & permissions on home directories

Alex Forrow alex at fav.or.it
Thu Jan 22 11:00:19 UTC 2009


Hi Kim,

Have you seen the 'StrictModes' option in sshd_config?

From 'man sshd_config':

StrictModes
Specifies whether sshd(8) should check file modes and ownership
of the user’s files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally
leave their directory or files world-writable.  The default is
“yes”.

Obviously it wouldn't be ideal to disable, but it would allow your users using 
RSA to log in.

Hope this helps,

Alex

kim.desmaele at bayercropscience.com wrote:
> 
> Hi all,
> 
> I have a few users on my systems here who are using RSA authentication 
> keys with an empty passphrase when connecting from a remote unix or linux 
> box.
> Apparently, ssh refuses this authentication if the user's home 
> directory's permissions are not set to 0755 or less.
> 
> The users would prefer to set the permissions 0775 on their home 
> directories, but when doing so sshd requests the user password 
> anyway...
> 
> Any idea how to avoid this or a workaround?
> 
> grts,
> Kim DS.

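The check that StrictModes describes can be approximated with a script before deciding whether to change sshd_config. This is an added example, not part of the original thread and not OpenSSH's own code; the function names, the three paths checked, and the rule applied (owned by the user or root, not writable by group or others) are assumptions about what sshd enforces.

```shell
#!/bin/sh
# Added example: approximates the file-mode and ownership check that
# StrictModes performs. Names and the exact rule are assumptions.
# Usage: strictmodes_check HOME_DIR USER_UID
# Prints each offending path; returns 0 if all pass, 1 otherwise.

# check_one PATH USER_UID
# The owner must be the user or root, and the path must not be
# writable by group or others.
check_one() {
    path=$1
    uid=$2
    [ -e "$path" ] || return 0   # a missing file is not a mode problem
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    # substr() drops any ACL or SELinux suffix after the 10 mode chars.
    info=$(ls -ldn "$path" | awk '{print substr($1, 1, 10), $3}')
    mode=${info% *}
    owner=${info#* }
    rc=0
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "$path: owned by uid $owner, expected $uid or root"
        rc=1
    fi
    # Character 6 is group-write, character 9 is other-write.
    case $mode in
        ?????w*|????????w*)
            echo "$path: mode $mode is group- or world-writable"
            rc=1
            ;;
    esac
    return $rc
}

strictmodes_check() {
    home=$1
    uid=$2
    failed=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_one "$p" "$uid" || failed=1
    done
    return $failed
}
```

A home directory at 0775 is reported because of its group-write bit, which matches the behaviour described in the thread.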