ssh reports "bad ownership or modes for directory /home/olpc"

[MitchellNCharity]

Joyride 1366 (Dec 04).

Under qemu, ssh'ing in as olpc, using a key and a ~olpc/.ssh/authorized_keys, now fails with

Dec 4 15:57:09 localhost sshd[1492]: Authentication refused: bad ownership or modes for directory /home/olpc

in /var/log/secure.

root still works. olpc used to.

# ls -ld /home/olpc drwxrwxr-x 9 olpc olpc 4096 Dec 4 15:57 /home/olpc

# ls -la /home/olpc/.ssh/ total 16 drwx------ 2 olpc olpc 4096 Dec 4 15:12 . drwxrwxr-x 9 olpc olpc 4096 Dec 4 15:57 .. -rw------- 1 olpc olpc 412 Dec 4 15:12 authorized_keys

[cscott]

This is probably related to #4928.

[bernie]

olpc-configure now takes care of this by resetting .ssh to 755 just after updating permissions in /home/olpc.

I didn't bother adding additional logic to retroactively fix .ssh's permissions on systems that were updated with interim joyride relases. I suppose whoever knows how to use ssh is also capable of figuring out how to fix this.

[MitchellNCharity]

Still broken in joyride 1387.

sshd appears to dislike /home/olpc being group writable.

# ssh fails $ chmod g-w /home/olpc # ssh works

[cscott]

From 'man sshd':

             If this file, the ~/.ssh directory, or the user's home directory
             are writable by other users, then the file could be modified or
             replaced by unauthorized users.  In this case, sshd will not
             allow it to be used unless the StrictModes option has been set to
             ``no''.  The recommended permissions can be set by executing
             ``chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys''.

I'd recommend setting StrictModes to 'no' in our sshd configuration. I guess I'll make that change in pilgrim.

[ffm]

That would be a bad idea, as a rouge activity could add an arbitrary ssh key in .ssh/authorized_keys, thus allowing the laptop to be comprimised. And since user olpc will soon have sudo rights, a malicious user could comprimise root.

[ffm]

We could just have it run chmod go-w ~olpc/ ~olpc/.ssh ~olpc/.ssh/authorized_keys on every boot, though.

[cscott]

No, .ssh is not group-writable, /home/olpc is. I believe the issue is that an activity could rename the .ssh directory and create their own, since /home/olpc is writable by the group. I believe that setting the sticky bit on /home/olpc would solve the problem:

  When the sticky bit is set on a directory, a file in that directory may
  be unlinked or renamed only by the directory owner, the file owner,  or
  root.   Without  the  sticky bit, anyone able to write to the directory
  can delete or rename files.  The sticky bit is commonly found on direc-
  tories, such as /tmp, that are world-writable.

Michael, I don't know why it was necessary to make /home/olpc group-writable. Would setting the sticky bit break your use?

[cscott]

Note to self: we also need to ensure PermitEmptyPasswords is set correctly; trac #5537.

[cscott]

Works in joyride-1453.

[cscott]

This is a pilgrim patch; assign back to me after approval for commit to update.1 branch.

[dgilmore]

What is needed for pilgim?

[cscott]

Committed in http://dev.laptop.org/git?p=users/cscott/pilgrim;a=commitdiff;h=47912b013ebd0ed4d7eb3332c6e2fa8a2c17e3e0

[mstone]

I believe that this issue is fixed in joyride >= 1508 by bernie's and my olpc-utils work on #4928 and #5626.

[MitchellNCharity]

Worked on joyride 1514.

[cscott]

Closing ancient fixed bug. Yell if you see this again.