It appears to me that there was an error while integrating
crypto/dist/ssh/auth.c, which says it's derived from
OpenBSD's version 1.75
In secure_filename(), starting at line 460 (in the NetBSD
version), the function bails out if the home directory does
not exist. Then, at line 465, it specifically handles the
case of a non-existing home directory.
OpenBSD's version 1.75 simply lacks the block at NetBSD's
lines 460-464.
This hit me when I tried to set up public key authentication
on a server with no home directories mounted, but
AuthorizedKeysFile set to
/usr/local/etc/sshd/authorized_keys/%u in sshd_config.
I also notice that the check for account/password expiration
that hit me on Friday is not present in the OpenBSD
version.
|
