Re: Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, Feb 10, 2016 at 10:35 AM, Randall S. Becker
<rsbecker@xxxxxxxxxxxxx> wrote:
> Thread split from my previous communication. Here is the key-commands logs
> on the platform.

[...]

OK, in this case the interesting bit is in the failed-sshd.log.

> Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad
> ownership or modes for file /var/run/keycommand_SUPER.SUPER
>
> debug1: restore_uid: 65535/255

sshd ensures that the AuthorizedKeysCommand can't be modified by a
non-privileged user for obvious reasons.

Based on what you said earlier, your root (equivalent?) user is not
uid 0.  I suspect that the permissions on the keycommand file to not
match sshd's expectations.  The code that checks this is in
auth2-pubkey.c:subprocess() which calls auth.c:auth_secure_path().

What are the file permissions on /var/run/keycommand_SUPER.SUPER and
its parent directories?  Did you run the test with SUDO=sudo?  Where
did SUPER.SUPER come from?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux