On 11/16/2010 06:19 PM, Kwan Lowe wrote:
> On Tue, Nov 16, 2010 at 9:14 PM, Stephen Harris <lists at spuddy.org> wrote:
>> Depends on the sshd_config; "UsePrivilegeSeparation yes" (which is
>> normally the default) means that phase is run as the destination user
>> and not as root.
>
> To clarify, the sshd listener runs as root and then drops privileges
> once the user is authenticated. The issue is specifically the root
> squash across NFS filesystems which is normally set to disable root
> privs on the mount (that, and noexec). I.e., even root has no privs
> to validate the shared key.

You are both incorrect. Key authentication *always* takes place as the user requesting login, regardless of the UsePrivilegeSeparation option.

When using UsePrivilegeSeparation, sshd creates a separate process to handle the crypto and compression bits (primarily) of incoming traffic, in order to prevent privilege escalation. That option does not affect most authentication types (it is documented to interact with UseLogin, which is off by default).

I'm not aware of any configuration where root_squash will prevent users from authenticating with keys.