Bug 29 - ssh with publickey authentication to AIX system fails with NFS mounted home directory
Status: CLOSED DUPLICATE of bug 220
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: All AIX
Importance: P2 major
Assignee: OpenSSH Bugzilla mailing list
Reported: 2001-12-05 04:53 AEDT by Kirk Deen
Modified: 2004-04-14 12:24 AEST
Description Kirk Deen 2001-12-05 04:53:52 AEDT
ssh login using publickey authentication to an AIX system with NFS mounted 
home directory fails, prompts for password, and then succeeds when password is 
entered.  Fails using protocol 1 and 2.  Remote system is running OpenSSH 
3.0.2p1.  Failures occur when user's remote home directory and .ssh directory 
are set to 700.  If permissions on both directories are set to 711 or the NFS 
mounted home directory is exported with root access, the login succeeds 
without prompting for a password.  Problem existed in 2.9.9p2, but not in 
2.9p2. Verbose output of login follows.

% ssh -v -1 sp70
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /home/msib/kdeen/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 10214 geteuid 0 anon 1
debug1: Connecting to sp70 [128.101.135.70] port 22.
debug1: temporarily_use_uid: 10214/10200 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 10214/10200 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/msib/kdeen/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'sp70' is known and matches the RSA1 host key.
debug1: Found key in /home/msib/kdeen/.ssh/known_hosts:19
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication via agent with 'kdeen@nimbus.msi.umn.edu'
debug1: Remote: Authentication refused: realpath /homes/sp4/kdeen/.ssh/authorized_keys failed: The file access permissions do not allow the specified action.
debug1: Server refused our key.
debug1: RSA authentication using agent refused.
debug1: Trying RSA authentication with key 'kdeen@nimbus.msi.umn.edu'
debug1: Remote: Authentication refused: realpath /homes/sp4/kdeen/.ssh/authorized_keys failed: The file access permissions do not allow the specified action.
debug1: Server refused our key.
debug1: Doing password authentication.
kdeen@sp70's password: 
debug1: Requesting pty.
debug1: Requesting X11 forwarding with authentication spoofing.
Warning: Remote host denied X11 forwarding.
debug1: Requesting authentication agent forwarding.
debug1: Requesting shell.
debug1: Entering interactive session.
%
Comment 1 Damien Miller 2001-12-12 12:00:50 AEDT
Discussion on openssh-unix-dev@ points to a broken AIX realpath() which uses
ruid (instead of euid) to perform checking. We need a configure test or (ugly)
another platform-specific BORKEN_REALPATH
Comment 2 Ben Lindstrom 2002-07-18 07:08:54 AEST

*** This bug has been marked as a duplicate of 220 ***
Comment 3 Damien Miller 2004-04-14 12:24:17 AEST
Mass change of RESOLVED bugs to CLOSED