ssh via public key uses wrong authorized_keys file

Anything regarding SSL/SSH and other security questions may go here
Forum rules
Synology Community is the new platform for the enthusiasts' interaction, and it will soon be available to replace the Forum.
cleue
I'm New!
I'm New!
Posts: 3
Joined: Thu Oct 13, 2016 10:16 am

ssh via public key uses wrong authorized_keys file

Unread post by cleue » Wed Jan 24, 2018 10:23 am

I am running:
DS216j
DSM 6.1.4-15217 Update 2

I would like to log into my diskstation using ssh and public key auth. The keys are copied via ssh-copy-id and the files and permissions look good. I can also login successfully using the password method.
However my authorized_key file is not respected.

I debugged this via

Code: Select all

sudo /bin/sshd -d -d -d -p 921
and found the following:

Code: Select all

...
debug1: temporarily_use_uid: 1026/100 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied
the userid 1026 is ok, but the path '/root/.ssh/authorized_keys' is not. I am not logging on as root, but with a different user ID (the numerical ID 1026 printed out is the correct ID for that user).

I am unable to figure out why the system builds the path '/root/.ssh/authorized_keys' instead of using the file in my user's home directory.

Any ideas how to debug or to fix this?

Cheers
Carsten

Squozen
Guru
Guru
Posts: 1552
Joined: Wed Jan 09, 2013 1:35 am

Re: ssh via public key uses wrong authorized_keys file

Unread post by Squozen » Wed Jan 24, 2018 4:42 pm

Do the comments in this post help at all?

https://www.chainsawonatireswing.com/20 ... than-root/

cleue
I'm New!
I'm New!
Posts: 3
Joined: Thu Oct 13, 2016 10:16 am

Re: ssh via public key uses wrong authorized_keys file

Unread post by cleue » Fri Jan 26, 2018 9:43 pm

Unfortunately this article did not help. I had the user home service activated. When I login via ssh and password, I see that ~ is mapped to a folder specific to my user. I have added the .ssh folder and authorized keys as indicated.

Still public key login does not work. From the sshd traces it looks like the position of my user's home directory is not computed as expected (since it points to /root/.ssh instead of my user's directory). Unfortunately there is no logging the the ssh source code that traces how the folder name is computed.

spiyy
I'm New!
I'm New!
Posts: 1
Joined: Thu Apr 05, 2018 10:21 am

Re: ssh via public key uses wrong authorized_keys file

Unread post by spiyy » Thu Apr 05, 2018 10:39 am

Run into the same problem with DS218+.
Found this link: https://www.chainsawonatireswing.com/20 ... than-root/

However finally the trick was done by some privilege juggling.
The ssh-daemon denies to use keys stored in improper directories and files.
I was already astonished after running ssh-copy-id from my laptop that on DS218+ both, the directory has had 755 and the authorized_keys file 666 permissions. I set that accordingly. However first also let my own home-dir on DS218+ be set as 750 finally changed behaviour of sshd.

Post Reply

Return to “Security/Secured Mods”