On Wed, Oct 18, 2006 at 02:36:35PM -0400, Clem Taylor wrote:
[...]
> As part of this change, I need to create root's authorized_keys file
> at boot time. So now I have /root/.ssh/authorized_keys symlinked to
> /tmp/.ssh/authorized_keys.
>
> /tmp is 1777, but /tmp/.ssh is 0700. When I attempt to login using a
> key that is in authorized_keys, I get "sshd: Authentication refused:
> bad ownership or modes for directory /tmp". If I change the
> permissions of /tmp to 1755, then sshd will allow the login, but this
> causes problems for things not running as root that need to write to
> /tmp.


So, add another intermediary directory which is owned by root and 700,
i.e.:

/tmp 1777
/tmp/root 0700
/tmp/root/.ssh 0700

Update your symlinks accordingly.

> It seems that sshd is finding the absolute path of the authorized_keys
> file and then stating the first path entry. I'm not quite sure why it
> is checking the top level directory and not the permissions of the
> directory that contains the authorized_keys.


Because ultimately the top level directory controls who will be able
to access the file, not the symlink or its parent.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
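
The directory walk discussed in this thread, as an added example that is not part of the original message and is not sshd's own code: it resolves the symlink, then checks the key file and each ancestor directory for foreign ownership or group/world write bits. The function names, the `stop_at` parameter and the temporary tree standing in for `/tmp` and `/root` are assumptions of this example.

```python
import os
import tempfile

def audit_key_path(path, uid, stop_at=None):
    """Resolve symlinks, then check the file and every ancestor directory.

    Returns a list of (path, reason) for entries not owned by `uid` or root,
    or writable by group/other. `stop_at` (hypothetical parameter) bounds the
    upward walk; without it the walk continues to "/".
    """
    def check(p):
        st = os.stat(p)
        if st.st_uid not in (0, uid):
            return (p, "owned by uid %d" % st.st_uid)
        if st.st_mode & 0o022:
            return (p, "group/world writable: %04o" % (st.st_mode & 0o7777))
        return None

    real = os.path.realpath(path)  # the symlink itself is never judged
    stop = os.path.realpath(stop_at) if stop_at else None
    findings = [f for f in [check(real)] if f]
    cur = real
    while True:
        cur = os.path.dirname(cur)
        finding = check(cur)
        if finding:
            findings.append(finding)
        if cur == stop or cur == os.path.dirname(cur):
            break
    return findings

def demo():
    """Constructed tree: <base>/tmp plays /tmp (1777), <base>/home plays /root."""
    base = os.path.realpath(tempfile.mkdtemp())
    tmp, home = os.path.join(base, "tmp"), os.path.join(base, "home")
    for d, mode in ((tmp, 0o1777), (os.path.join(tmp, ".ssh"), 0o700),
                    (home, 0o700), (os.path.join(home, ".ssh"), 0o700)):
        os.mkdir(d)
        os.chmod(d, mode)  # chmod explicitly so the umask cannot alter modes
    target = os.path.join(tmp, ".ssh", "authorized_keys")
    with open(target, "w") as fh:
        fh.write("ssh-rsa AAAA...constructed user@example\n")  # constructed key
    os.chmod(target, 0o600)
    link = os.path.join(home, ".ssh", "authorized_keys")
    os.symlink(target, link)
    return base, audit_key_path(link, os.getuid(), stop_at=base)

if __name__ == "__main__":
    for path, reason in demo()[1]:
        print("refuse:", path, "-", reason)
```

Run against the real file with `audit_key_path("/root/.ssh/authorized_keys", 0)` to list every component of the resolved path that a check of this kind would reject.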