0

I have a java application running on tomcat8. This application has a method for users to upload a public ssh key, which is then added to a local users authorized_keys (limited to scp on a single folder), so that they can use scp to the server using this one remote username.

The problem here is that tomact requires write access to the authorized_keys file. However sshd requires the permissions to be chmod 600.

How can I enable tomcat to write to the authorized_keys file and yet have the correct permissions for sshd to run. Alternatively I have thought of simply using the tomcat user as the scp user. however this feels like a bad idea.

Thanks for the Help Benedict

--- EDIT --- I have found out that I can give tomcat write permissions by deactivating StrictMode in sshd. I am not shure if this is a good idea?

bwright
  • 123
  • 8
  • The only way to maintain ownership and permissions is to have the serving process run as root (very bad idea) or as the user whose home directory you're writing to and so invoked via SSH, which would require a re-design of your system. How do you authenticate users on this application? Have you considered SSSD for a centralised approach to key management/user auth? – SmallClanger May 31 '17 at 12:55
  • hmm I don't know what SSSD is, but I'll check it out. For now see my edit. – bwright May 31 '17 at 13:03
  • Essentially, there are very well known and established tools for handling PKI auth on Unix system (NIS, FreeIPA) . I can't recommend enough that you investigate an implement one of these rather than relying on bespoke tools. Even with the best developers in the world, you're adding a lot of unnecessary risk and maintenance. Workarounds (such as disabling StrictMode) will only add to your woes. – SmallClanger Jun 01 '17 at 13:50
  • @SmallClanger Thanks for the comments. I will definitely have a look at the tools you mentioned – bwright Jun 01 '17 at 14:02

1 Answers1

0

You could have tomcat write someplace amenable to tomcat, and a separate root process that monitors that location, does whatever validation you can, and then merges it into the local authorized key file.

I hope you have really good authentication on your tomcat app. Please consider some other mechanism (such as LDAP) for controlling root access to the host.

Jason Martin
  • 5,023
  • 17
  • 24