4

I have a MASTER key under user alexus, yet whenever I try to ssh as root and/or other users on the box via sudo, I get the error `Bad owner or permissions on /root/.ssh/config`.

```
[root@wcmisdlin02 ~]# ls -ld .ssh
lrwxrwxrwx. 1 root root 17 May 14 13:00 .ssh -> /home/alexus/.ssh
[root@wcmisdlin02 ~]# ll .ssh/config
-rw-------. 1 alexus alexus 215 Feb  4 12:47 .ssh/config
[root@wcmisdlin02 ~]# ssh XXXXX
Bad owner or permissions on /root/.ssh/config
[root@wcmisdlin02 ~]#
```

This was working before. I recently rebuilt my system and am trying to get this to work, and can't figure out what's missing :(

```
[root@wcmisdlin02 ~]# getenforce
Permissive
[root@wcmisdlin02 ~]#
```

Please advise.

alexus

1 Answer

9

You have used symlinks so that /root/.ssh is a symlink to /home/alexus/.ssh. Ssh is not going to like that, because it gives alexus write access to .ssh/config and all the other .ssh/* files.

You need to remove the symlink, copy the files into root's directory, and change the ownership of all of it to root. If you're doing the symlink stuff so that root and alexus share a keypair, you may be able to symlink just the id_* files into /root/.ssh/.

Something like this:

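```
# Remove the symlink (not the directory it points to)
rm /root/.ssh
mkdir /root/.ssh
# Copy the files and make root their owner
cp /home/alexus/.ssh/* /root/.ssh/
chown -R root /root/.ssh
# Replace the copied key files with symlinks to alexus's keypair
rm /root/.ssh/id_*
ln -s /home/alexus/.ssh/id_* /root/.ssh/
```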
freiheit
  • Note that this solution requires modifying the default permissions on the /root directory so that the user `alexus` can read those files. Not sure, but probably setting `StrictModes` to `no` in `/etc/ssh/sshd_config` would be needed as well. – dawud May 14 '13 at 18:58
  • @dawud it doesn't require that. The author creates `/root/.ssh/id_rsa` *(same for `/root/.ssh/id_rsa.pub`)* that is a symlink to `/home/alexus/.ssh/id_rsa`. Since root already has permission to read alexus's dir, everything is alright. – Hi-Angel Mar 13 '20 at 11:50
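
The error in the question comes from the check the ssh client applies to a per-user config file: its owner must be root or the invoking user, and it must not be group- or world-writable. The script below is an added example, not part of the question or the answer; the function names and UID 1000 for alexus are assumptions, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: reproduces the owner/mode rule ssh enforces on ~/.ssh/config.
# UID 1000 for alexus is a constructed sample value.

# ssh_config_verdict OWNER_UID OCTAL_MODE CALLER_UID
# Prints "ok" or the reason; returns 0 only if the file would be accepted.
ssh_config_verdict() {
    owner=$1 mode=$2 caller=$3
    # The owner must be root or the user running ssh.
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$caller" ]; then
        echo "bad owner (uid $owner, caller uid $caller)"
        return 1
    fi
    # No group or other write bit may be set (mask 022).
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad permissions (mode $mode is group/world-writable)"
        return 1
    fi
    echo "ok"
}

# check_ssh_config PATH [CALLER_UID]
# stat -L follows symlinks, so /root/.ssh -> /home/alexus/.ssh is judged by
# the real file's owner, which is what ssh sees when it opens the file.
check_ssh_config() {
    path=$1 caller=${2:-$(id -u)}
    info=$(stat -L -c '%u %a' "$path") || return 2
    set -- $info
    ssh_config_verdict "$1" "$2" "$caller"
}

# The question's layout: config owned by alexus, mode 600.
ssh_config_verdict 1000 600 1000 || true   # alexus runs ssh: ok
ssh_config_verdict 1000 600 0 || true      # root through the symlink: bad owner
ssh_config_verdict 0 600 0 || true         # after cp + chown root: ok
```

Run `check_ssh_config /root/.ssh/config` as root before and after applying the answer's commands to see the verdict change.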