topic Re: run ssh in a setuid program in Operating System - HP-UX

run ssh in a setuid program

Raymond Yip — Fri, 06 Oct 2006 01:49:12 GMT

I have a setuid program which spawns to run ssh. The problem is, ssh seems not be able to read the key file if the key file is readable only to the user of the setuid program. Ssh asks for the passphrase of the key file, which is actually not password protected. I tried changing the permission of the key file to world readable. Then ssh could read the key file and connected to the server without a password.

Why is this so?

Re: run ssh in a setuid program

Calandrello — Mon, 09 Oct 2006 13:20:49 GMT

Raymond
you insert its key in file .ssh of user ?

Re: run ssh in a setuid program

Steven Schweda — Mon, 09 Oct 2006 13:29:31 GMT

>I have a setuid program which spawns to run
> ssh.

So when this program is running, it acts as
if it were being run by a user with the
program's uid, not the actual user's uid.

> [..] ssh seems not be able to read the key
> file if the key file is readable only to
> the user of the setuid program.

Which is as it should be. A user with the
program's uid should not be able to read a
file which only the actual user can read.

It may not be easy to pretend to be two
different users at one time.

Re: run ssh in a setuid program

Steven E. Protter — Mon, 09 Oct 2006 13:32:23 GMT

Shalom,

Having two users involved in a password free transaction is difficult and not really recommended.

If you are being prompted for a passphrase then when you set up your id_dsa.pub or id_rsa.pub you or the user entered a passphrase.

Try doing the ssh-keygen command again without a passphrase and see if that helps.

There is nothing intrinsic to ssh that should be causing this issue.
SEP