In article <1162475184.278098.179190@f16g2000cwb.googlegroups.com>
gsm.beamon@gmail.com writes:
>> % man sshd_config
>> ...
>> StrictModes
>> Specifies whether sshd should check file modes and ownership of
>> the user's files and home directory before accepting login. This
>> is normally desirable because novices sometimes accidentally
>> leave their directory or files world-writable. The default is
>> ``yes''.
>> ...
>>
>message received!
Hopefully you also received the implicit message about why the default
(which you shouldn't change without *very* good reason) made sshd refuse
the key-based authentication: If /home/miller is mode 777, even if
/home/miller/.ssh is mode 755, any user on the system can do e.g.:
    mv /home/miller/.ssh /home/miller/foo
    mkdir /home/miller/.ssh
    cp $HOME/.ssh/authorized_keys /home/miller/.ssh
- and then log in as miller using his own private key. This applies
recursively upwards of course, i.e. lax permissions on '/' or '/home'
will allow a variant of the same trick.
--Per Hedeland
per@hedeland.org
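
Added example, not part of the post above and not sshd's own code: a Python audit that walks from an authorized_keys file up through every parent directory and reports anything that is group/world-writable or owned by someone other than the user or root, which is the condition the post explains. The function name `audit_chain`, its `stop_at` parameter and the temporary directory tree built in `demo` are assumptions constructed for this example.

```python
import os
import shutil
import stat
import tempfile


def audit_chain(target, owner_uid, stop_at="/"):
    """Check target and each directory above it, up to and including stop_at.

    Returns a list of (path, problem) tuples; an empty list means the chain is clean.
    """
    findings = []
    path = os.path.realpath(target)
    stop = os.path.realpath(stop_at)
    while True:
        st = os.stat(path)
        # Anyone who owns a component can replace what sits below it.
        if st.st_uid not in (0, owner_uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        # Write access to a directory allows renaming and re-creating its entries.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world-writable, mode %o" % stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(path)
        if path == stop or parent == path:
            return findings
        path = parent


def demo():
    """Constructed tree mirroring the post: home dir mode 777, .ssh mode 755."""
    root = tempfile.mkdtemp()
    try:
        home = os.path.join(root, "home", "miller")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        open(keys, "w").close()
        os.chmod(keys, 0o644)
        os.chmod(ssh_dir, 0o755)
        os.chmod(os.path.join(root, "home"), 0o755)
        os.chmod(home, 0o777)          # the lax setting from the thread
        before = audit_chain(keys, os.getuid(), stop_at=root)
        os.chmod(home, 0o755)          # corrected mode
        after = audit_chain(keys, os.getuid(), stop_at=root)
        return os.path.realpath(home), before, after
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

On a real system, call `audit_chain` with the user's authorized_keys path and uid and leave `stop_at` at its default so that `/home` and `/` are checked as well.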