
Openssh Connection does not work with AuthorizedKeysCommand


I have added these lines to sshd_config:

AuthorizedKeysCommand /authorizedkeys/authorized-keys
AuthorizedKeysCommandUser ssh-keys

-rwxr-x--- 1 root ssh-keys 712 Dec 23 22:36 /authorizedkeys/authorized-keys 
-rwxr-x---  1 root ssh-keys  712 Dec 23 22:36 authorized-keys

The ssh-keys user can execute the file (/authorizedkeys/authorized-keys), but I cannot ssh to the server: ssh [email protected]

In auth.log I can see this line:

error: Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /

If I give 770 permissions to the /authorizedkeys/authorized-keys file, I get the following error:

error: Unsafe AuthorizedKeysCommand: bad ownership or modes for file /authorizedkeys/authorized-keys

I tried using root as the AuthorizedKeysCommandUser and changed the permissions and owner of the /authorizedkeys/authorized-keys file. That did not work either.

I am using OpenSSH_6.6.1p1 on Ubuntu 14.04.

Note: I can ssh fine with an authorized_keys file.


Solution

  • Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /

    It's complaining about ownership or permissions on the root directory. According to the source code, the file, the directory containing the file, and all parent directories (including the root directory) have to be owned by root. The permissions on all of these files and directories have to be 0755 (deny write access to group and other).

    My guess is that you have group write permission set on your root directory, or something like that.

    Giving 0770 permissions to "/authorizedkeys/authorized-keys" also causes that file to fail the permissions check.

    For completeness, this is the section of code which emits the directory error:

    /* Excerpt from sshd's secure-path check: "buf" is the directory being
       examined, "st" its stat buffer, and "uid" is 0 for AuthorizedKeysCommand. */
    if (stat(buf, &st) < 0 ||                                     /* stat() failed */
        (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || /* not owned by uid */
        (st.st_mode & 022) != 0) {                                /* group or other writable */
            snprintf(err, errlen,
                "bad ownership or modes for directory %s", buf);
            return -1;
    }


    It emits that error if:

    1. The stat() call fails for a directory
    2. The file doesn't belong to root ("uid" is 0 here)
    3. The file's permissions include write-by-group or write-by-other.
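
To find which component of the chain sshd is rejecting without reading the C, the following shell script (an added example, not part of the answer or of OpenSSH) walks from the command file up to the root directory and applies the same three tests: the file and each directory must exist, be owned by the expected uid (0 for sshd), and have no group or other write bit (mode & 022). It assumes a GNU or busybox `stat` with `-c '%u'` / `-c '%a'` and `readlink -f`, as found on Ubuntu. The optional STOP_DIR argument is a hypothetical extra knob that sshd does not have; it only exists so the walk can be exercised inside a scratch tree instead of against the real `/`.

```shell
#!/bin/sh
# check_authkeys_cmd PATH [UID] [STOP_DIR]
#
# Shell re-implementation of the ownership/mode checks sshd applies to an
# AuthorizedKeysCommand. PATH must be a regular file; PATH and every directory
# above it, up to STOP_DIR (default: /), must be owned by UID (default: 0, as
# sshd uses) and must not be writable by group or other. Prints the first
# offending path in sshd's own wording and returns 1, or returns 0 if the
# whole chain passes. STOP_DIR is an addition for testing; sshd always goes
# all the way to /.
check_authkeys_cmd() {
    path=$(readlink -f "$1") || return 1
    want_uid=${2:-0}
    stop=$(readlink -f "${3:-/}")

    if [ ! -f "$path" ]; then
        echo "not a regular file: $path"
        return 1
    fi
    if _unsafe "$path" "$want_uid"; then
        echo "bad ownership or modes for file $path"
        return 1
    fi

    # Walk the parents: dirname of the file, then its parent, ... up to STOP_DIR.
    dir=$(dirname "$path")
    while :; do
        if _unsafe "$dir" "$want_uid"; then
            echo "bad ownership or modes for directory $dir"
            return 1
        fi
        [ "$dir" = "$stop" ] && break
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return 0
}

# _unsafe PATH UID: return 0 (true) when PATH would fail sshd's test, i.e. it
# cannot be stat()ed, is not owned by UID, or has a write bit set for group
# or other. The octal mode from stat is inspected digit by digit: a group or
# other digit of 2, 3, 6 or 7 means the write bit is on.
_unsafe() {
    owner=$(stat -c '%u' "$1" 2>/dev/null) || return 0
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 0
    [ "$owner" = "$2" ] || return 0
    case $mode in
        *[2367][0-7]) return 0 ;;   # group write bit set
        *[2367])      return 0 ;;   # other write bit set
    esac
    return 1
}

# On the server, run as root: sh thisfile.sh /authorizedkeys/authorized-keys
if [ $# -gt 0 ]; then
    check_authkeys_cmd "$@"
fi
```

Run against the path from the question, the first line it prints is the same component sshd names in auth.log, so a world-writable or non-root-owned `/` shows up immediately; fixing it with `chown root:root /` and `chmod 0755 /` (and likewise for any other directory it reports) is what makes sshd accept the command.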