Bug 2364 - Incorrect .ssh parent directory permissions not logged
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 6.6p1
Hardware: ix86 Linux
Importance: P5 normal
Assignee: Assigned to nobody
Reported: 2015-03-12 04:05 AEDT by Murph Murphy
Modified: 2015-08-11 23:02 AEST

Attachments
Output of ssh -v (2.67 KB, text/plain)
2015-03-12 04:05 AEDT, Murph Murphy

Description Murph Murphy 2015-03-12 04:05:31 AEDT
Created attachment 2566
Output of ssh -v

Overview
  Attempting to ssh (using a key) into a machine that has correct .ssh
  folder permissions but incorrect home directory permissions results in 
  unexpected behaviour. Instead of logging a message about incorrect 
  permissions, it logs attempts to try keyfiles that don't exist 
  interspersed with messages about which auth methods can continue.

Steps to Reproduce
  1) Set up (rsa) keys between client and server normally.
  2) Set server home directory to world writable.
  3) Attempt to ssh to the server.

Expected Results
  Fails to password, but prints a line in the verbose output about the
  reason being incorrect .ssh parent folder permissions.

Actual Results
  Asks for a password to log in. Verbose mode shows that it is trying
  several keys that both exist and don't exist, printing a message 
  about what auth modes are allowed, but no information about incorrect 
  permissions.

Versioning
  Server
     OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
  Client
     OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
  The exact same problem occurs between two machines on
  OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 as well.

Additional Information
Comment 1 Darren Tucker 2015-03-12 04:22:20 AEDT
(In reply to Murph Murphy from comment #0)
>    Server
>      OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

That's a 5+ year old version of the server and I think the problem you are reporting was fixed a bit over 4 years ago:

https://anongit.mindrot.org/openssh.git/commit/?id=48147d6801be6b9158c4bcedce6c67b0d591d642

Can you reproduce the problem with a current version on the server side?
Comment 2 Murph Murphy 2015-03-12 05:23:07 AEDT
Nope! Don't know how I missed that update, couldn't find anything in my search before I posted.

Thanks!
Comment 3 Damien Miller 2015-08-11 23:02:51 AEST
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1
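
For checking the server side of the situation described in this report, the following added example (not part of the bug thread and not OpenSSH's own code) approximates in Python the ownership and mode test that sshd applies, with StrictModes enabled, to the key file and to each directory up to the home directory. The function name `strict_modes_problems` is hypothetical, and a POSIX system is assumed.

```python
import os
import stat


def strict_modes_problems(key_file, home, uid):
    """List reasons a StrictModes-style check would reject key_file.

    Walks from key_file up to home (inclusive). Every component must be
    owned by uid or root and must not be group- or world-writable.
    """
    problems = []
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    is_key_file = True
    while True:
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append(f"{path}: cannot stat ({exc.strerror})")
            break
        if is_key_file and not stat.S_ISREG(st.st_mode):
            problems.append(f"{path}: not a regular file")
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: bad owner uid {st.st_uid}")
        if st.st_mode & 0o022:  # group-write or other-write bit set
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: bad mode {mode:04o} (group/world writable)")
        if path == home:
            break  # the home directory is the last component checked
        parent = os.path.dirname(path)
        if parent == path:
            break  # reached the filesystem root without passing through home
        path, is_key_file = parent, False
    return problems


if __name__ == "__main__":
    # Check the invoking user's own authorized_keys file.
    home_dir = os.path.expanduser("~")
    key_path = os.path.join(home_dir, ".ssh", "authorized_keys")
    issues = strict_modes_problems(key_path, home_dir, os.getuid())
    print("\n".join(issues) or "no StrictModes problems found")
```

Run it on the server as the account being logged into; a world-writable home directory, as in the steps to reproduce, is reported even when `.ssh` and `authorized_keys` are correct.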