On Wed, Feb 10, 2016 at 10:35 AM, Randall S. Becker <rsbecker@xxxxxxxxxxxxx> wrote: > Thread split from my previous communication. Here is the key-commands logs > on the platform. [...] OK, in this case the interesting bit is in the failed-sshd.log. > Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad > ownership or modes for file /var/run/keycommand_SUPER.SUPER > > debug1: restore_uid: 65535/255 sshd ensures that the AuthorizedKeysCommand can't be modified by a non-privileged user for obvious reasons. Based on what you said earlier, your root (equivalent?) user is not uid 0. I suspect that the permissions on the keycommand file to not match sshd's expectations. The code that checks this is in auth2-pubkey.c:subprocess() which calls auth.c:auth_secure_path(). What are the file permissions on /var/run/keycommand_SUPER.SUPER and its parent directories? Did you run the test with SUDO=sudo? Where did SUPER.SUPER come from? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev