[ELDK] Permissions on /root directory keep ssh from working properly
Wolfgang Denk
wd at denx.de
Thu Nov 6 20:32:16 CET 2008
Dear Dave,
In message <B7BC4CB64CA090478F283BA589292737578811 at abtg-mail.ambientcorp.com> you wrote:
>
> I've discovered something that I'd consider a minor bug in the default
> denx4.2 (maybe other versions too) distribution's root filesystem. It
> creates the /root directory with permissions of 775, which prevents
> dropbear from working properly if you want to set up the ssh server to
> allow clients to log in using authorized keys. ssh considers it a
> security hole if the directory containing the authorized keys is
> writable by anyone other than the user.
What exactly has the /root directory to do with that?
> I'm not sure if this should be fixed by simply making the default
> permissions on the /root directory 755, or if this would more
> appropriately be done by the dropbear RPM during installation, since
> it's an ssh specific problem. Maybe it would even be adequate to simply
> add a line to dropbear's README explaining that permissions of the user
> directory must be changed when using authorized keys.
According to the dropbear documentation (see "man 8 dropbearkey"), the
host keys are supposed to be placed in the /etc/dropbear/ directory.
That's what we're using all the time in ouyr setups, and we never had
any problems. And the permissions on the /etc/dropbear/ directory are
usually 0755 in our systems, without problems either.
Do you mean the permissions for the directory of the user keys? But
that is ~/.ssh, i. e. in your case it would be /root/.ssh ?
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
(null cookie; hope that's ok)
More information about the eldk
mailing list