I'm posting a bug another user described so well I don't think I need to write my own description: We have a very strange problem with SSH. It looks like sshd is ignoring "StrictModes no" and still doing strict permission checking. Can anyone give me some hint what the problem might be? Problem: As long as the various users' directory (e.g. User XA302) is mode drwxr-sr-x everything is fine. But if I change this to drwxrwsr-x SSH complains "Authentication refused: bad ownership or modes for directory /appl/chroot/cp/XA302". We need group write permission on /appl/chroot/cp/... for our jobs which do further processing of the transferred files. So I set "StrictModes no" in sshd_config. Does anyone have a similar problem or know why SSH might possibly ignore "StrictModes no"?
I can't replicate this. Please send a debug trace from the server ("sshd -ddd") failing to authenticate.
Hang on, are you talking about ChrootDirectory or authorized_keys?
We're talking about ChrootDirectory and the "new" internal-sftp feature in SSH.
StrictModes does not apply to ChrootDirectory.
"StrictModes does not apply to ChrootDirectory." Is that the intended behavior, or just the current state of things? It seems at odds with the man page, which states: "StrictModes: Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory before accepting login."
This is intentional, see https://bugzilla.redhat.com/show_bug.cgi?id=522141 for what happens when the checks are relaxed. I have updated the manpage to clarify this.
With the release of 5.4p1, this bug is now considered closed.
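Added example, not part of the original bug thread and not OpenSSH's own code: a Python audit of the rule sshd_config(5) documents for ChrootDirectory, that every component of the path must be a root-owned directory not writable by group or others, which applies whatever StrictModes is set to. `SAMPLE_TREE` and `sample_stat` are constructed for illustration from the modes quoted in the report, with root ownership assumed.

```python
import os
import stat
import sys
from types import SimpleNamespace

def component_problems(st_uid, st_mode):
    """Check one path component against the documented ChrootDirectory rule."""
    problems = []
    if not stat.S_ISDIR(st_mode):
        problems.append("not a directory")
    if st_uid != 0:
        problems.append(f"owned by uid {st_uid}, not root")
    if st_mode & stat.S_IWGRP:
        problems.append("group-writable")
    if st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems

def audit_chroot_path(path, stat_fn=os.stat):
    """Walk from / down to path; return [(component, problems)] for each failure."""
    if not path.startswith("/"):
        raise ValueError("ChrootDirectory must be an absolute path")
    findings, current = [], ""
    for part in [""] + [p for p in path.split("/") if p]:
        current = current.rstrip("/") + "/" + part
        st = stat_fn(current)
        problems = component_problems(st.st_uid, st.st_mode)
        if problems:
            findings.append((current, problems))
    return findings

# Constructed sample: modes taken from the report, root ownership assumed.
SAMPLE_TREE = {
    "/": 0o040755,
    "/appl": 0o040755,
    "/appl/chroot": 0o040755,
    "/appl/chroot/cp": 0o040755,
    "/appl/chroot/cp/XA302": 0o042775,  # drwxrwsr-x, the failing case
}

def sample_stat(path, tree=SAMPLE_TREE):
    """Stand-in for os.stat that reads the constructed tree above."""
    return SimpleNamespace(st_uid=0, st_mode=tree[path])

if __name__ == "__main__":
    # With an argument, audit the real filesystem; otherwise the sample tree.
    args = (sys.argv[1],) if len(sys.argv) > 1 else ("/appl/chroot/cp/XA302", sample_stat)
    result = audit_chroot_path(*args)
    for component, problems in result:
        print(f"{component}: {', '.join(problems)}")
    sys.exit(1 if result else 0)
```

Run it with a real path as the only argument before pointing ChrootDirectory at that path; an exit status of 0 means every component passed.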