Subject: crypto/dist/ssh/auth.c integration error?
To: None <tech-userlevel@NetBSD.org>
From: Edgar Fuß <firstname.lastname@example.org>
Date: 07/09/2007 17:45:21
It appears to me that there was an error while integrating crypto/dist/ssh/auth.c, which says it's derived from OpenBSD's version 1.75.
In secure_filename(), starting at line 460 (in the NetBSD version), the function bails out if the home directory does not exist. Then, at line 465, it specifically handles the case of a non-existing home directory.
OpenBSD's version 1.75 simply lacks the block at NetBSD's lines 460-464.
This hit me when I tried to set up public key authentication on a server with no home directories mounted, but AuthorizedKeysFile set to /usr/local/etc/sshd/authorized_keys/%u in sshd_config.
I also notice that the check for account/password expiration that hit me on Friday is not present in the OpenBSD version.
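
The following is an added illustration, not part of the original message and not code from the NetBSD or OpenBSD source: a simplified model of a secure_filename()-style ownership and permission walk, showing how an early bail-out on a missing home directory rejects a key file that lives entirely outside the home directory. The in-memory directory table, the user name alice, uid 1000, and the names check_keyfile and require_home are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the filesystem: path, owner uid, mode bits.
 * There is no entry for /home/alice: the home directory is not mounted. */
struct ent { const char *path; uid_t uid; mode_t mode; };
static const struct ent fs[] = {
    { "/", 0, 0755 }, { "/usr", 0, 0755 }, { "/usr/local", 0, 0755 },
    { "/usr/local/etc", 0, 0755 }, { "/usr/local/etc/sshd", 0, 0755 },
    { "/usr/local/etc/sshd/authorized_keys", 0, 0755 },
    { "/usr/local/etc/sshd/authorized_keys/alice", 0, 0644 },
    { "/tmp", 0, 01777 }, { "/tmp/keys", 1000, 0644 },
};

static const struct ent *lookup(const char *p) {
    for (size_t i = 0; i < sizeof fs / sizeof fs[0]; i++)
        if (strcmp(fs[i].path, p) == 0) return &fs[i];
    return NULL;
}

/* Owned by root or the user, and not group- or world-writable. */
static int safe(const struct ent *e, uid_t uid) {
    return e && (e->uid == 0 || e->uid == uid) && (e->mode & 022) == 0;
}

/* Returns 0 if the key file may be trusted, -1 otherwise. require_home != 0
 * models the extra early bail-out the message describes (hypothetical flag). */
int check_keyfile(const char *file, const char *home, uid_t uid, int require_home) {
    char buf[256];
    int comparehome = lookup(home) != NULL;    /* does the home directory exist? */
    if (require_home && !comparehome) return -1;
    if (strlen(file) >= sizeof buf) return -1;
    strcpy(buf, file);
    if (!safe(lookup(buf), uid)) return -1;    /* the file itself */
    for (;;) {                                 /* then each parent directory */
        char *slash = strrchr(buf, '/');
        if (slash == NULL) return -1;
        if (slash == buf) buf[1] = '\0'; else *slash = '\0';
        if (!safe(lookup(buf), uid)) return -1;
        if (comparehome && strcmp(buf, home) == 0) break;  /* reached home */
        if (strcmp(buf, "/") == 0) break;                  /* reached root */
    }
    return 0;
}

int main(void) {
    const char *f = "/usr/local/etc/sshd/authorized_keys/alice";
    printf("without early bail-out: %d\n", check_keyfile(f, "/home/alice", 1000, 0));
    printf("with early bail-out:    %d\n", check_keyfile(f, "/home/alice", 1000, 1));
    return 0;
}
```

In this model the walk to the root still rejects a key file under a world-writable directory such as /tmp, so dropping the early bail-out does not weaken the permission check itself.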