wolfsshd: add StrictModes permission/ownership checks for authorized_keys and host key

[yosuke-wolfssl]

Description

Adds an OpenSSH StrictModes equivalent to wolfsshd, addressed by f_4114.

• authorized_keys is now refused (when StrictModes is on, the default)
  if the file or any parent directory up to the home directory is owned by
  another user or is group/world writable — the OpenSSH secure_filename
  model. This blocks local key-injection via a lax umask, a botched copy, or a
  writable ~/.ssh.
• Host private key is refused (when StrictModes is on) if it is
  group/world readable or writable — protecting the server secret from
  disclosure. Ownership is intentionally not enforced so a privileged daemon
  can use a key owned by an unprivileged service account.
• New StrictModes config directive (default yes), so admins can opt out
  per finding-recommended OpenSSH semantics.

Tests

• StrictModes yes/no/invalid parse vectors + default-on assertion in
  test_configuration.
• New test_CheckFilePermissions covering owner / group+world write / chain
  walk / host-key readability / missing file / NULL path. The wrong-owner
  assertion is skipped under uid 0 (root accepts root-owned files).
• start_sshd.sh tightens configured host keys to 600 at launch (git cannot
  store 0600), handling multiple keys and tab/space separators.

Verification

• Builds clean (--enable-sshd --enable-all), no warnings.
• test_configuration passes the new cases; rebuilt under ASan+UBSan with no
  reports.
• End-to-end: StrictModes yes + 0644 host key -> refused;
  StrictModes no + 0644 -> accepted.

Files

• apps/wolfsshd/auth.c, auth.h — helper + authorized_keys wiring
• apps/wolfsshd/configuration.c, configuration.h — StrictModes directive + getter
• apps/wolfsshd/wolfsshd.c — host-key check in SetupCTX
• apps/wolfsshd/test/test_configuration.c — unit tests
• apps/wolfsshd/test/start_sshd.sh — runtime host-key chmod

[Copilot]

Pull request overview

Adds an OpenSSH-like StrictModes enforcement path to wolfsshd to harden key handling (authorized keys and host private keys) via permission/ownership checks, with config parsing and accompanying tests/scripts.

Changes:

• Introduces StrictModes config directive (default yes) and plumbs it through configuration parsing/getters.
• Adds wolfSSHD_CheckFilePermissions() and enforces it for authorized_keys (ownership + non-writable + parent chain walk) and the host private key (non-readable/writable by group/world).
• Extends unit tests and adjusts the test launcher script to chmod host keys at runtime.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
apps/wolfsshd/wolfsshd.c	Enforces StrictModes checks for host private key before loading it.
apps/wolfsshd/test/test_configuration.c	Adds StrictModes parse/default tests and new permission-check unit test (non-Windows).
apps/wolfsshd/test/start_sshd.sh	Tightens host key permissions at test runtime prior to launching wolfsshd.
apps/wolfsshd/configuration.h	Exposes wolfSSHD_ConfigGetStrictModes().
apps/wolfsshd/configuration.c	Implements StrictModes storage/default, parsing, and getter.
apps/wolfsshd/auth.h	Declares wolfSSHD_CheckFilePermissions().
apps/wolfsshd/auth.c	Implements permission/ownership checks and wires StrictModes into authorized_keys lookup.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #1010

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅