Operating System - HP-UX

Raymond Yip
Frequent Advisor

run ssh in a setuid program

I have a setuid program which spawns to run ssh. The problem is, ssh seems not to be able to read the key file if the key file is readable only to the user of the setuid program. Ssh asks for the passphrase of the key file, which is actually not password protected. I tried changing the permission of the key file to world readable. Then ssh could read the key file and connected to the server without a password.

Why is this so?
Calandrello
Trusted Contributor

Re: run ssh in a setuid program

Raymond
Did you insert its key in the .ssh file of the user?

Steven Schweda
Honored Contributor

Re: run ssh in a setuid program

>I have a setuid program which spawns to run
> ssh.

So when this program is running, it acts as
if it were being run by a user with the
program's uid, not the actual user's uid.

> [..] ssh seems not to be able to read the key
> file if the key file is readable only to
> the user of the setuid program.

Which is as it should be. A user with the
program's uid should not be able to read a
file which only the actual user can read.

It may not be easy to pretend to be two
different users at one time.
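
The two identities described in the reply above can be observed directly: access(2) tests a path with the real uid, while open(2) tests it with the effective uid. This is an added example, not code from any poster in this thread; the key file path comes from the command line, and collapse_identity is a hypothetical helper name.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the process carries two identities (real uid != effective uid),
 * which is the normal state inside a setuid program. */
int identity_is_split(void) { return getuid() != geteuid(); }

/* access(2) performs its permission check with the REAL uid/gid. */
int real_uid_can_read(const char *path) { return access(path, R_OK) == 0; }

/* open(2) performs its permission check with the EFFECTIVE uid/gid. */
int effective_uid_can_read(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

/* Settle on ONE identity before exec'ing a child such as ssh.
 * keep_effective = 1: run fully as the program's owner.
 * keep_effective = 0: drop back to the invoking user.
 * Group ids are changed first, while the uid still permits it. */
int collapse_identity(int keep_effective) {
    uid_t uid = keep_effective ? geteuid() : getuid();
    gid_t gid = keep_effective ? getegid() : getgid();
    if (setregid(gid, gid) != 0) return -1;
    if (setreuid(uid, uid) != 0) return -1;
    /* Verify the change took effect instead of trusting the return code. */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s KEYFILE\n", argv[0]);
        return 2;
    }
    printf("real uid %ld, effective uid %ld, split=%d\n",
           (long)getuid(), (long)geteuid(), identity_is_split());
    printf("real uid can read %s:      %d\n", argv[1],
           real_uid_can_read(argv[1]));
    printf("effective uid can read %s: %d\n", argv[1],
           effective_uid_can_read(argv[1]));
    return EXIT_SUCCESS;
}
```

Installed setuid and run against the key file, a result where the two checks disagree means the spawned child inherits a split identity; calling collapse_identity before the exec gives it a single uid to work with.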
Steven E. Protter
Exalted Contributor

Re: run ssh in a setuid program

Shalom,

Having two users involved in a password-free transaction is difficult and not really recommended.

If you are being prompted for a passphrase, then when you set up your id_dsa.pub or id_rsa.pub, you or the user entered a passphrase.

Try doing the ssh-keygen command again without a passphrase and see if that helps.

There is nothing intrinsic to ssh that should be causing this issue.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com