LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-07-2012, 01:26 AM   #1
chrys
LQ Newbie
 
Registered: Feb 2010
Location: San Francisco, CA
Distribution: CentOS
Posts: 4

Rep: Reputation: 0
Question Allowing .ssh/authorized_keys to be owned by root


I would like to set up a particular user account to have ssh access from a particular client using a public key, but prevent anyone logged in to this account from adding to the authorized_keys file.

I would have liked to make the .ssh directory contents owned by root so the account user cannot change it, but OpenSSH requires that the authorized_keys file be owned by the user.

I only want to do this with one account, so I want sshd to behave as usual with other accounts.

Is there another way of accomplishing what I want to do?

Thanks!
-C
 
Old 02-07-2012, 01:54 AM   #2
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Hello,

You could use chattr and make the file immutable. That wouldn't require any changes on the permissions, that is, you wouldn't need to change owner. Just use:
Code:
chattr +i /home/<user>/.ssh/authorized_keys
and the file will be immutable. Nobody, not even root, would be able to edit it and only root can change the attributes again. I think that's about your best option.

Kind regards,

Eric
 
1 members found this post helpful.
Old 02-08-2012, 02:00 AM   #3
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 666

Rep: Reputation: 132Reputation: 132
Quote:
Originally Posted by EricTRA View Post
Hello,

You could use chattr and make the file immutable. That wouldn't require any changes on the permissions, that is, you wouldn't need to change owner. Just use:
Code:
chattr +i /home/<user>/.ssh/authorized_keys
and the file will be immutable. Nobody, not even root, would be able to edit it and only root can change the attributes again. I think that's about your best option.

Kind regards,

Eric
Nice idea, never though about it. But while it protect from editing/renaming/removing /home/<user>/.ssh/authorized_keys
User will still be able
Code:
mv /home/<user>/.ssh/authorized_keys /home/<user>/.ssh.orig/authorized_keys
mkdir /home/<user>/.ssh
# put in authorized_keys whatever user likes :(
 
Old 02-08-2012, 02:35 AM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 11.4
Posts: 1,319

Rep: Reputation: 252Reputation: 252Reputation: 252
For me it’s also working if ~/.ssh/authorized_keys is owned by root, as long as the file is readable by the user.

What about using hostbased authentication for this particular machine? The authorized_keys file could be empty then and owned by root, to avoid that someone copies the user’s private key on the client machine to another one (in case the purpose is to avoid access from another machine from this user), or destroys the private key and look theirself out.
 
Old 02-08-2012, 02:49 AM   #5
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 666

Rep: Reputation: 132Reputation: 132
Quote:
Originally Posted by Reuti View Post
For me itís also working if ~/.ssh/authorized_keys is owned by root, as long as the file is readable by the user.
But if .ssh owned by user then user still will be able remove authorized_keys and recreate this file with any content -
the very thing that OP tried to prevent
 
Old 02-08-2012, 04:17 AM   #6
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 11.4
Posts: 1,319

Rep: Reputation: 252Reputation: 252Reputation: 252
Quote:
Originally Posted by Valery Reznic View Post
But if .ssh owned by user then user still will be able remove authorized_keys and recreate this file with any content -
the very thing that OP tried to prevent
I didnít say that it solves the problem, only that in my version of SSH itís working in this case too.

With hostbased authentication it should be possible to disable public key authentication in /etc/ssh/sshd_config for this user/client machine.
 
Old 02-08-2012, 04:36 AM   #7
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 666

Rep: Reputation: 132Reputation: 132
Quote:
Originally Posted by Reuti View Post
I didnít say that it solves the problem, only that in my version of SSH itís working in this case too.
I interpreter yours "works for me" as proposed solution. My bad.

Now that I re-read original post... I think that I miss whole point - why user shouldn't be able to modify his own
authorized_keys file, what do you actually trying to prevent?

@chrys, could you explain please?
 
Old 02-08-2012, 11:12 PM   #8
chrys
LQ Newbie
 
Registered: Feb 2010
Location: San Francisco, CA
Distribution: CentOS
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks to everyone who has responded to this question!

The purpose here is indeed to avoid access from another machine from this user. It's an account out of which a public web site runs, and the user account needs to be accessed by staff for administration, which should only be done from a very restricted (kiosk-like) machine (where one cannot just copy the secret key and take it awsy) in a particular office. The website is run out of this account, which is implemented as a mix of C CGI and PHP using suPHP.

Shell access is necessary for some functions, so SSH must be enabled so I can get in and do what needs to be done. The concern is that if there is an exploit in any of the suPHP scripts that allowed someone to write files, someone could execute code as the user that could add to authorized keys. open_basedir is not a defense against a binary helper program, and binaries must be able to run in the web directory.

Last edited by chrys; 02-09-2012 at 12:19 AM. Reason: Added to description of problem
 
Old 02-09-2012, 03:58 AM   #9
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 666

Rep: Reputation: 132Reputation: 132
I still don't understand why this specific user should access your box only from specific machine and others can do whatever they like. Or I miss something?

Anyway, may be AllowUsers option in the sshd config will help?
 
Old 02-09-2012, 08:39 AM   #10
orgcandman
Member
 
Registered: May 2002
Location: dracut MA
Distribution: Ubuntu; PNE-LE; LFS (no book)
Posts: 594

Rep: Reputation: 102Reputation: 102
Quote:
The concern is that if there is an exploit in any of the suPHP scripts that allowed someone to write files, someone could execute code as the user that could add to authorized keys.
Erm.. if they can run code as the user, why wouldn't they just send an executing instance of /bin/sh back to themselves (and bypass most of the logging that sshd does)? Remember, if they're executing arbitrary code, you've lost.

Additionally, they'd be running as www-data/nobody/some other account, which is a completely separate user (unless you have your server running as root, and in that case you're boned).

I think you're making too niche of a security policy.
 
  


Reply

Tags
ssh access using key


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
using root with ssh 'command=' and authorized_keys hank43 Linux - Security 1 09-11-2006 05:51 AM
Allowing root login to ssh only on LAN monkeyfoo Linux - Security 6 07-17-2006 09:42 PM
Make a file owned by root owned by a user sharpie Linux - Newbie 2 02-26-2004 01:26 AM
ssh users and authorized_keys ifm Linux - Security 3 06-12-2002 08:24 PM
Anyway to use rsync ssh without allowing root access? ifm Linux - Security 0 06-12-2002 01:01 PM


All times are GMT -5. The time now is 03:01 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration