On 03/03/09 02:21, Greg Wooledge wrote:
> On Sat, Feb 28, 2009 at 03:13:06PM +1300, Morgan Read wrote:
>> So
>> Which environment variable does ssh use to determine where it looks for
>> its keys? I assumed it would be HOME, but under sudo HOME is set to
>> the home directory of the user executing sudo, not root's home.
>
> I happen to have 4.4p1 source lying about, so:
>
> pathnames.h:#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
>
> readconf.c:
>     if (options->protocol & SSH_PROTO_2) {
>         len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
>         options->identity_files[options->num_identity_files] =
>             xmalloc(len);
>         snprintf(options->identity_files[options->num_identity_files++],
>             len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
>
>         len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
>         options->identity_files[options->num_identity_files] =
>             xmalloc(len);
>         snprintf(options->identity_files[options->num_identity_files++],
>             len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
>     }
>
> So, at this point there's a string that contains "~/.ssh/id_rsa".
>
> ssh.c:
>     if ((pw = getpwuid(original_real_uid)) == NULL)
>         fatal("load_public_identity_files: getpwuid failed");
>     if (gethostname(thishost, sizeof(thishost)) == -1)
>         fatal("load_public_identity_files: gethostname: %s",
>             strerror(errno));
>     for (; i < options.num_identity_files; i++) {
>         cp = tilde_expand_filename(options.identity_files[i],
>             original_real_uid);
>
> where original_real_uid is set somewhere earlier in ssh.c. I won't
> try to track it down any further (especially since I'm looking at
> out-of-date sources), but it sure looks like it's evaluating the
> home directory based on the current uid or euid, rather than the
> contents of $HOME.

It appears none of the environment variables has any impact on where ssh
looks for its keys. In desperation I ran:

[rsync@ ~]$ sudo LOGNAME=rsync USERNAME=rsync USER=rsync UID=351 EUID=351 GID=351 EGID=351 ssh -vvv root@xxxxxxxxxxxxxxxxxxxxx
...
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
...

Still, ssh looks for keys in /root/ and not /home/rsync/

[rsync@ ~]$ sudo LOGNAME=rsync USERNAME=rsync USER=rsync UID=351 EUID=351 GID=351 EGID=351 env
HOSTNAME=morgansmachine.lan
TERM=xterm
HISTSIZE=1000
QTDIR=/usr/lib/qt-3.3
LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:do=00;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=00;32:*.tar=00;31:*.tgz=00;31:*.svgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.lzma=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.dz=00;31:*.gz=00;31:*.bz2=00;31:*.tbz2=00;31:*.bz=00;31:*.tz=00;31:*.deb=00;31:*.rpm=00;31:*.jar=00;31:*.rar=00;31:*.ace=00;31:*.zoo=00;31:*.cpio=00;31:*.7z=00;31:*.rz=00;31:*.jpg=00;35:*.jpeg=00;35:*.gif=00;35:*.bmp=00;35:*.pbm=00;35:*.pgm=00;35:*.ppm=00;35:*.tga=00;35:*.xbm=00;35:*.xpm=00;35:*.tif=00;35:*.tiff=00;35:*.png=00;35:*.mng=00;35:*.pcx=00;35:*.mov=00;35:*.mpg=00;35:*.mpeg=00;35:*.m2v=00;35:*.mkv=00;35:*.ogm=00;35:*.mp4=00;35:*.m4v=00;35:*.mp4v=00;35:*.vob=00;35:*.qt=00;35:*.nuv=00;35:*.wmv=00;35:*.asf=00;35:*.rm=00;35:*.rmvb=00;35:*.flc=00;35:*.avi=00;35:*.fli=00;35:*.gl=00;35:*.dl=00;35:*.xcf=00;35:*.xwd=00;35:*.yuv=00;35:*.svg=00;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:
MAIL=/var/spool/mail/rsync
LANG=en_NZ.UTF-8
HOME=/home/rsync
SHELL=/bin/bash
LOGNAME=rsync
USER=rsync
USERNAME=rsync
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
SUDO_COMMAND=/bin/env
SUDO_USER=rsync
SUDO_UID=351
SUDO_GID=351
EGID=351
GID=351
EUID=351
UID=351

And, this runs fine:

[rsync@ ~]$ ssh -vvv root@xxxxxxxxxxxxxxxxxxxxx
OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
...
debug1: Next authentication method: publickey
debug1: Trying private key: /home/rsync/.ssh/identity
debug3: no such identity: /home/rsync/.ssh/identity
debug1: Trying private key: /home/rsync/.ssh/id_rsa
debug3: no such identity: /home/rsync/.ssh/id_rsa
debug1: Offering public key: /home/rsync/.ssh/id_dsa
debug3: send_pubkey_test
...

So, is there any other environment variable to try, and if not, where does
ssh derive its "home" directory from?

Many thanks,
Morgan.

PS. Here's the whole of the various permutations:
http://www.read.org.nz/SudoEnvSsh.txt

--
Getting errors: "There are problems with the signature" (or similar)?
Update your system by installing certificates from CAcert Inc, see here:
http://wiki.cacert.org/wiki/BrowserClients?#head-259758ec5ba51c5205cfb179cf60e0b54d9e378b
Or, if Internet Explorer is your default browser, simply click this link:
http://www.cacert.org/index.php?id=17

Morgan Read
NEW ZEALAND
<mailto:mstuffATreadDOTorgDOTnz>

fedora + freedom; fact || fiction?
http://fedoraproject.org/wiki/Overview
get freed-ora! http://www.fsfla.org/svnwiki/selibre/linux-libre/freed-ora
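As an added illustration (not code from this thread or from OpenSSH), the C program below puts the getpwuid-based tilde expansion Greg quoted from ssh.c next to the $HOME-based expansion Morgan assumed, so the two candidate identity paths can be compared for the running process; the function names are my own and the "/home/rsync" value is only a constructed sample.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Replace a leading "~" in "path" with "home". Returns a malloc'd string,
 * or NULL if a tilde is present but no home directory is known. */
static char *join_home(const char *home, const char *path)
{
    const char *prefix = "";
    const char *rest = path;            /* no tilde: copy path unchanged */
    if (strncmp(path, "~/", 2) == 0) {
        if (home == NULL)
            return NULL;
        prefix = home;
        rest = path + 1;                /* keep the "/" after the "~" */
    }
    size_t len = strlen(prefix) + strlen(rest) + 1;
    char *out = malloc(len);
    if (out != NULL)
        snprintf(out, len, "%s%s", prefix, rest);
    return out;
}

/* What the quoted ssh.c does: the home directory comes from the passwd
 * entry for the (real) uid, so $HOME is never consulted. */
char *expand_tilde_for_uid(const char *path, uid_t uid)
{
    struct passwd *pw = getpwuid(uid);
    return join_home(pw ? pw->pw_dir : NULL, path);
}

/* What the poster expected: the home directory comes from $HOME. */
char *expand_tilde_from_env(const char *path)
{
    return join_home(getenv("HOME"), path);
}

/* 1 if the two expansions disagree, 0 if they agree, -1 if either lookup
 * failed. Under "sudo HOME=/home/rsync ssh ..." the uid is 0, so the passwd
 * home is root's while $HOME is not, and ssh searches /root/.ssh. */
int identity_path_mismatch(const char *path, uid_t uid)
{
    char *by_uid = expand_tilde_for_uid(path, uid);
    char *by_env = expand_tilde_from_env(path);
    int rc = (by_uid == NULL || by_env == NULL) ? -1 : (strcmp(by_uid, by_env) != 0);
    free(by_uid);
    free(by_env);
    return rc;
}
```

Run it under plain `sudo` and under `sudo -i`/`sudo -u` style invocations to see which expansion the environment actually changes.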