[Bug 505301] Re: openssh server should warn that .ssh/authorized_keys is not accessible (causing ssh pubkey authentication to fail silently)
LimCore
user.ubuntu at limcore.com
Sun Jan 10 04:31:34 GMT 2010
The attached trivial patch applies the wish I described above;
it gives more information about why authorized_keys is not being used.
The patch is tested for all error conditions it should report, both with
default LogLevel INFO, as well as with DEBUG3.
Below is a detailed explanation of what it does, and the results of the test.
It needs debug1 level to show conditions that are typical (missing
authorized_keys), and it usually logs conditions that look like errors
(i.e. .ssh/authorized_keys exists, but is inaccessible).
Examples of what will be in the log for various use-case conditions:
rm .ssh/authorized_keys
Jan 10 05:22:48 lcwood sshd[15934]: debug1: unable to open public key file /home/rafal/.ssh/authorized_keys
chmod 000 .ssh/authorized_keys
Jan 10 05:19:26 lcwood sshd[15763]: authorized_keys ERROR: permission denied for opening user rafal authorized keys /home/rafal/.ssh/authorized_keys!
chmod 000 .ssh/
Jan 10 05:21:08 lcwood sshd[15817]: authorized_keys ERROR: permission denied for opening user rafal authorized keys /home/rafal/.ssh/authorized_keys!
mv .ssh .ssh-2
ln -s .ssh .ssh
Jan 10 05:26:40 lcwood sshd[16088]: authorized_keys ERROR: Can not access user rafal authorized keys /home/rafal/.ssh/authorized_keys - Too many levels of symbolic links (errno=40)!
And with the option (/etc/ssh/sshd_config)
LogLevel INFO
only the error conditions, the ones with ERROR, are logged, since they are unexpected.
** Attachment added: "Adds more debug to sshd about problems accessing authorized_keys - most common misconfiguration of public key ssh"
http://launchpadlibrarian.net/37667511/moredebug1.diff
--
openssh server should warn that .ssh/authorized_keys is not accessible (causing ssh pubkey authentication to fail silently)
https://bugs.launchpad.net/bugs/505301
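The severity split described in the message (a missing file is routine and only worth debug1, any other open failure is a misconfiguration worth logging at the default level) can be sketched as below. This is an added example, not the attached patch or OpenSSH code; `ak_check`, `enum ak_level` and the message wording are hypothetical names chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical severity names for this example (not OpenSSH's own). */
enum ak_level { AK_OK, AK_DEBUG, AK_ERROR };

/*
 * Try to open an authorized_keys path read-only and decide how loudly a
 * failure should be reported. ENOENT is the normal "user has no keys"
 * case; EACCES, ELOOP, ENOTDIR and the rest mean the file or one of its
 * parent directories is misconfigured. msg receives the reason.
 */
enum ak_level ak_check(const char *path, char *msg, size_t len)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd >= 0) {
        close(fd);
        snprintf(msg, len, "%s can be opened", path);
        return AK_OK;
    }
    int err = errno;               /* save before any other call */
    if (err == ENOENT) {
        snprintf(msg, len, "unable to open public key file %s", path);
        return AK_DEBUG;
    }
    if (err == EACCES) {
        snprintf(msg, len, "permission denied opening %s", path);
        return AK_ERROR;
    }
    snprintf(msg, len, "cannot access %s - %s (errno=%d)",
             path, strerror(err), err);
    return AK_ERROR;
}

int main(int argc, char **argv)
{
    static const char *label[] = { "ok", "debug1", "ERROR" };
    char msg[512];
    for (int i = 1; i < argc; i++) {
        enum ak_level lvl = ak_check(argv[i], msg, sizeof msg);
        fprintf(stderr, "%s: %s\n", label[lvl], msg);
    }
    return 0;
}
```

Run as the account that sshd would use for the lookup, with the path to the user's authorized_keys as the argument; a result of root reading the file says nothing about whether the file mode is the problem.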