Description of problem:
After setting up monkeysphere to create /var/lib/monkeysphere/authorized_keys/* and configuring sshd to use these files, logging in with one of those keys fails. This is because sshd is rather fascist regarding who may write the authorized_keys files. In Debian (where monkeysphere is known to work) both /var/lib/monkeysphere and /var/lib/monkeysphere/authorized_keys are owned by root:root (mode 0755), whereas in Fedora they are owned by monkeysphere:monkeysphere (mode 0755).

Version-Release number of selected component (if applicable):
0.35-3.fc14.noarch

How reproducible:
Always

Steps to Reproduce:
1. Set up monkeysphere (watch out for #732191).
2. Add "AuthorizedKeysFile2 /var/lib/monkeysphere/authorized_keys/%u" [sic] and "LogLevel DEBUG" to /etc/ssh/sshd_config.
3. Restart sshd.
4. Try to log in via ssh using one of the monkeysphere managed keys for the user.
5. Check /var/log/secure for error messages.

Actual results:
Logging in via ssh fails. Error messages in /var/log/secure:
Aug 20 16:51:09 bs-f14-i386 sshd[26329]: Authentication refused: bad ownership or modes for directory /var/lib/monkeysphere/authorized_keys
Aug 20 16:51:09 bs-f14-i386 sshd[26329]: Authentication refused: bad ownership or modes for directory /var/lib/monkeysphere/authorized_keys

Expected results:
Logging in via ssh works. No error message in /var/log/secure.

Additional info:
After fixing ownership of /var/lib/monkeysphere/authorized_keys _and_ /var/lib/monkeysphere logging in via ssh works fine.
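An added example, not part of the original report and not monkeysphere or OpenSSH code: a simplified approximation of the ownership and mode check behind the "bad ownership or modes" message, run over constructed stat data for the Fedora and Debian layouts described above. The uids (1000 for the login user, 990 for monkeysphere), the user name alice and the root-owned key file are assumptions made for illustration.

```python
import os
import stat
from collections import namedtuple

FakeStat = namedtuple("FakeStat", "st_uid st_mode")  # stand-in for os.stat_result

def audit_path(path, user_uid, stat_fn=os.stat):
    """Walk from the key file up to "/" and list every component that is
    owned by someone other than root or the login user, or that is
    group/world writable. Simplification: real sshd stops climbing at the
    user's home directory; this path is outside any home, so we go to "/"."""
    problems = []
    current = os.path.normpath(path)
    while True:
        st = stat_fn(current)
        reasons = []
        if st.st_uid not in (0, user_uid):
            reasons.append("owner uid %d is neither root nor the user" % st.st_uid)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("group/world writable (mode %04o)" % stat.S_IMODE(st.st_mode))
        if reasons:
            problems.append((current, "; ".join(reasons)))
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            return problems
        current = parent

def constructed_layout(dir_owner_uid):
    """Constructed stat data: the two monkeysphere directories are owned by
    dir_owner_uid with mode 0755; everything else is root-owned."""
    tree = {
        "/": (0, 0o040755),
        "/var": (0, 0o040755),
        "/var/lib": (0, 0o040755),
        "/var/lib/monkeysphere": (dir_owner_uid, 0o040755),
        "/var/lib/monkeysphere/authorized_keys": (dir_owner_uid, 0o040755),
        "/var/lib/monkeysphere/authorized_keys/alice": (0, 0o100644),
    }
    return lambda p: FakeStat(*tree[p])

KEYFILE = "/var/lib/monkeysphere/authorized_keys/alice"
USER_UID, MONKEYSPHERE_UID = 1000, 990  # constructed uids

if __name__ == "__main__":
    for name, owner in (("Fedora", MONKEYSPHERE_UID), ("Debian", 0)):
        findings = audit_path(KEYFILE, USER_UID, constructed_layout(owner))
        print(name, "layout:", findings or "ok")
```

Calling audit_path(path, uid) without stat_fn checks the real filesystem, which is useful for verifying a fixed package on a live host.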
I have just taken over this package from orphaned state, and will be looking into this bug, and fixing it, soon.
The fix for this bug should be landing in updates-testing soon.
monkeysphere-0.35-5.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/monkeysphere-0.35-5.fc16
monkeysphere-0.35-5.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/monkeysphere-0.35-5.fc17
Package monkeysphere-0.35-5.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing monkeysphere-0.35-5.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-10773/monkeysphere-0.35-5.fc16
then log in and leave karma (feedback).
monkeysphere-0.35-5.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
monkeysphere-0.35-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.