Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Thu, 24 Feb 2005 10:50:58 -0500 (EST)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Michele Petrazzo <michele DOT petrazzo AT unipex DOT it>
cc: cygwin AT cygwin DOT com
Subject: Re: sshd and authorized_keys
In-Reply-To: <421DEAF3.8070807@unipex.it>
Message-ID: <Pine.GSO.4.61.0502241046430.8085@slinky.cs.nyu.edu>
References: <421DEAF3 DOT 8070807 AT unipex DOT it>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 24 Feb 2005, Michele Petrazzo wrote:

> I'm making some test with sshd and authorized_keys.
> I'm able to login without password from a client, but I want to
> move the authorized_keys from ~/.ssh/ to another directory, for
> example /ssh/keys/authorized_keys, because I want to use only one
> key (I have only one user that can login into this machine)
> sshd say me:
>
> debug1: trying public key file /ssh/keys/authorized_keys
> Authentication refused: bad ownership or modes for directory /
>
> I don't want to modify ownership of / !
>
> Is there a method to tell to sshd to don't make control of
> ownership?
> Or, is there a method for make my idea work?

Sure.  Move the "ssh" directory one level down, and set the permissions on
the containing directory appropriately.  E.g.,

mkdir /private && chmod 755 /private && mv /ssh /private

However, I don't see why you're so resistant with making "/" non-writeable
for anyone that's not your user...  Since you're the only user on the
machine, the only other concievable users that would be affected are
internal Windows users, like "LocalSystem" (a.k.a. SYSTEM), and I can see
no reason in allowing them to write to "/" (you can always make
subdirectories of root writeable).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/