The string contains the public key ~/.ssh/id_rsa.pub on the computer I’m trying to log in from. Authentication fails with the following errors:
sshd[3771]: Authentication refused: bad ownership or modes for directory /
sshd[3771]: error: PAM: Authentication failure for user from 192.168.0.204
sshd[3771]: Connection closed by authenticating user user 192.168.0.204 port 38076 [preauth]
Does anybody know why this could be? It’s very strange that it’s looking at directory /.
If / is writable by anyone else but root, SSH considers that an error, as basically everyone could swap out /etc or other important top level folders and “fool” the authentication that way.
So / has to be root owned and 755 for SSH to work.
The root of a tmpfs is 1777 by default, because that’s a reasonable option for tmpdirs, and yes, mode is the correct option name.
Because of the sticky bit, I’m not sure it’s actually a big security hole, come to think of it… but regardless, ssh treats such strange permissions as a hard failure, in order to protect against the attacks that are possible because of it.
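A way to find which path component trips this check, as an added example that is not part of the original posts: it walks from a key file up to a stopping directory and reports anything not owned by root or the user, or writable by group or others. The names `audit_path` and `demo`, the constructed directory tree, and the `022` write mask are assumptions of this sketch.

```python
import os
import shutil
import stat
import tempfile


def audit_path(key_file, uid, stop_at="/"):
    """Walk from key_file up to stop_at; return [(path, problem)] for unsafe components."""
    findings = []
    path = os.path.realpath(key_file)
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.stat(path)
        problems = []
        if st.st_uid not in (0, uid):
            problems.append(f"owned by uid {st.st_uid}")
        # Assumed mask: any group- or world-write bit fails; the sticky bit does not help.
        if st.st_mode & 0o022:
            problems.append(f"mode {stat.S_IMODE(st.st_mode):04o} is group/world-writable")
        if problems:
            findings.append((path, ", ".join(problems)))
        parent = os.path.dirname(path)
        if path == stop_at or parent == path:
            break
        path = parent
    return findings


def demo():
    """Constructed tree standing in for a tmpfs root: <root>/etc/ssh/authorized_keys."""
    root = os.path.realpath(tempfile.mkdtemp())
    try:
        ssh_dir = os.path.join(root, "etc", "ssh")
        os.makedirs(ssh_dir)
        key_file = os.path.join(ssh_dir, "authorized_keys")
        with open(key_file, "w") as fh:
            fh.write("ssh-rsa AAAA...constructed user@host\n")
        for p, mode in ((root, 0o755), (os.path.join(root, "etc"), 0o755),
                        (ssh_dir, 0o755), (key_file, 0o644)):
            os.chmod(p, mode)
        good = audit_path(key_file, os.getuid(), stop_at=root)
        os.chmod(root, 0o1777)  # tmpfs default mode from the thread
        bad = audit_path(key_file, os.getuid(), stop_at=root)
        return root, good, bad
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

On a real system, call `audit_path` with the actual key file and the login user's uid, leaving `stop_at` at `/`.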