Problem with sshd host key checking, for my own build with custom prefix
Jesse Armand
mnemonic.fx at gmail.com
Wed Oct 8 12:34:45 EST 2008
Additional info:
I was building openssh on Mac OS X 10.5 for arm-apple-darwin host.
But I didn't change anything in the code, I only did some adjustments
on configure.ac and Makefile.in, with appropriate LDFLAGS, and CFLAGS,
and I also used openssl-0.9.8g built for arm-apple-darwin host.
Jesse Armand
----------------------------------------
(http://jessearm.blogspot.com)
On Wed, Oct 8, 2008 at 8:30 AM, Jesse Armand <mnemonic.fx at gmail.com> wrote:
> Hello openssh developers,
>
> I was building openssh-4.7p, and it builds successfully with my own
> prefix (--prefix=/path/to/sshd).
> The problem is when I execute sshd, it warns about permission being too open:
>
> hostname:/path root# /path/to/sshd -t -f /path/to/sshd_config
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0534 for '(null)' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /path/to/ssh_host_key
> Could not load host key: /path/to/ssh_host_key
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0536 for '(null)' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /path/to/ssh_host_rsa_key
> Could not load host key: /path/to/ssh_host_rsa_key
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0532 for '(null)' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /path/to/ssh_host_dsa_key
> Could not load host key: /path/to/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> sshd: no hostkeys available -- exiting.
>
> This is the host keys file permissions:
> -rw------- 1 root wheel 672 Oct 7 10:11 ssh_host_dsa_key
> -rw-r--r-- 1 root wheel 609 Oct 7 10:11 ssh_host_dsa_key.pub
> -rw------- 1 root wheel 982 Oct 7 10:11 ssh_host_key
> -rw-r--r-- 1 root wheel 646 Oct 7 10:11 ssh_host_key.pub
> -rw------- 1 root wheel 1675 Oct 7 10:11 ssh_host_rsa_key
> -rw-r--r-- 1 root wheel 401 Oct 7 10:11 ssh_host_rsa_key.pub
>
> Does anybody know what went wrong?
>
> Other than that, why does sshd check for host keys in
> /path/to/ssh, instead of /path/to/ssh/etc, which is the given
> sysconfdir?
> So I have to manually copy everything to the parent directory.
>
>
> Jesse Armand
> ----------------------------------------
> (http://jessearm.blogspot.com)
>
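
A small diagnostic for the situation in this thread, added here as an example (it is not OpenSSH code and not from the original post): built with the same toolchain as sshd, it prints the mode bits that fstat() actually returns for each key file, so they can be compared with the `ls -l` listing, and applies the rule the warning states, that no group or other bits may be set. The names `key_mode_ok` and `make_sample` are hypothetical.

```c
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Returns 1 if the file has no group/other permission bits set,
 * 0 if it is too open, -1 if it cannot be opened or stat'ed.
 * On success *mode_out receives the permission bits as seen by fstat(). */
int key_mode_ok(const char *path, unsigned int *mode_out)
{
    struct stat st;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    *mode_out = (unsigned int)st.st_mode & 0777;
    return (st.st_mode & 077) == 0;
}

/* Creates an empty file with an exact mode (constructed sample input). */
int make_sample(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);

    if (fd < 0)
        return -1;
    close(fd);
    return chmod(path, mode);   /* chmod is not affected by umask */
}

int main(int argc, char **argv)
{
    int i, bad = 0;

    for (i = 1; i < argc; i++) {
        unsigned int mode = 0;
        int r = key_mode_ok(argv[i], &mode);

        if (r < 0) { perror(argv[i]); bad = 1; continue; }
        printf("%s: fstat mode 0%03o -> %s\n", argv[i], mode,
               r ? "ok" : "too open");
        if (!r) bad = 1;
    }
    return bad;
}
```

If the mode printed here differs from what `ls -l` shows for the same file, the discrepancy is in how the binary was built rather than in the file permissions.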