[Bug 3507] Cannot get host-based authentication to work
bugzilla-daemon at mindrot.org
Thu Dec 8 11:32:13 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3507
--- Comment #20 from Thomas Koeller <thomas at koeller.dyndns.org> ---
(In reply to Iain Morgan from comment #19)
> This looks like a client-side issue to me.
>
> The client logs indicate that no host based authentication packet
> was sent. Since EnableSSHKeysign is set in the ssh_config, this
> probably means that the permissions are incorrect on either the
> ssh-keysign executable or the private host keys.
>
> Note that on Red Hat, ssh-keysign is normally setgid to group
> ssh_keys, and the private keys are expected to be readable by that
> group. Whereas, stock OpenSSH expects the private keys to be
> readable only by root and thus ssh-keysign should be setuid root.

This is correct, I figured that out, too:

[root at sarkovy ssh]# ls -l /usr/libexec/openssh/ssh-keysign
-r-xr-sr-x. 1 root ssh_keys 326064 29. Sep 13:45 /usr/libexec/openssh/ssh-keysign

So I reset the permissions on the key accordingly:

[root at sarkovy ssh]# ls -l /etc/ssh/ssh_host_ed25519_key
-rw-r-----. 1 root ssh_keys 419  6. Dez 23:11 /etc/ssh/ssh_host_ed25519_key

This did not help, and anyway, a fresh build of OpenSSH 9.1p1 exhibits
the same behavior.
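
Added example (not part of the original message and not OpenSSH code): a shell check for the two permission layouts described in the quoted comment, setgid to the key's group versus setuid root. It is a simplified model that assumes the invoking user is unprivileged and not a member of the key's group; `keysign_access` and `check_paths` are hypothetical names, and `stat -c` is GNU coreutils syntax.

```shell
#!/bin/sh
# Decide under which identity ssh-keysign could read a private host key,
# from the mode/owner/group of both files.
# Prints: setuid-root | setgid-group | world-readable | unreadable
# Args: keysign_mode keysign_owner keysign_group key_mode key_owner key_group
keysign_access() {
    ks=$((0$1)); ks_owner=$2; ks_group=$3   # leading 0 => parsed as octal
    key=$((0$4)); key_group=$6

    # setuid root: effective uid 0 reads the key whatever its mode bits are.
    if [ $((ks & 04000)) -ne 0 ] && [ "$ks_owner" = root ]; then
        echo setuid-root; return 0
    fi

    # setgid: effective gid is the binary's group. If that is also the key's
    # group, the group class decides and the "other" bits are not consulted.
    if [ $((ks & 02000)) -ne 0 ] && [ "$ks_group" = "$key_group" ]; then
        if [ $((key & 040)) -ne 0 ]; then
            echo setgid-group; return 0
        fi
        echo unreadable; return 1
    fi

    # No usable set-id bit: only the "other" class is left. A readable key
    # here means every local user can read the private host key.
    if [ $((key & 04)) -ne 0 ]; then
        echo world-readable; return 0
    fi
    echo unreadable; return 1
}

# Wrapper for real files (GNU stat assumed); not called at load time.
# $1 = path to ssh-keysign, $2 = path to a private host key
check_paths() {
    keysign_access $(stat -c '%a %U %G' "$1") $(stat -c '%a %U %G' "$2")
}

# Values transcribed from the two listings in the comment:
# -r-xr-sr-x root ssh_keys (2555) and -rw-r----- root ssh_keys (640).
keysign_access 2555 root ssh_keys 640 root ssh_keys   # prints setgid-group
```

A result of `setgid-group` or `setuid-root` only shows that file permissions are not what blocks ssh-keysign, which matches the comment's report that correcting them did not help.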