[atomic-devel] incorrect permissions
- From: Scott Collier <emailscottcollier gmail com>
- To: atomic-devel projectatomic io
- Subject: [atomic-devel] incorrect permissions
- Date: Fri, 03 Apr 2015 00:34:38 -0500
I was testing cockpit on the F22 Atomic image and ran into this issue.
Cockpit would start, but I could not connect to it because SSH was
having a problem. The error cockpit gave after trying to log in to the
web interface was:
"Couldn't connect or authenticate: no-host"
This may have been brought up before, I didn't dig into existing issues.
The problem was permissions on these two files:
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_rsa_key
The message from "systemctl status sshd" was:
# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2015-04-03 05:27:21 UTC; 7s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 5183 (sshd)
   Memory: 844.0K
   CGroup: /system.slice/sshd.service
           └─5183 /usr/sbin/sshd -D
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: It is required that your private key files are NOT accessible by others.
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: This private key will be ignored.
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: key_load_private: bad permissions
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: Could not load host key: /etc/ssh/ssh_host_rsa_key
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: Server listening on 0.0.0.0 port 22.
Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: Server listening on :: port 22.
So, I changed the permissions on both files to 600 and restarted sshd,
then cockpit was able to connect.
Version:
# atomic host status
  TIMESTAMP (UTC)         VERSION   ID             OSNAME            REFSPEC
* 2015-04-02 10:45:23     22.29     0db0777dfb     fedora-atomic     fedora-atomic:fedora-atomic/f22/x86_64/docker-host
  2015-03-05 11:02:11     22.6      e1e60980f1     fedora-atomic     fedora-atomic:fedora-atomic/f22/x86_64/docker-host
-scott
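
Added example, not part of the original message or of any project's code: a Python check that extracts the key sshd rejected from the journal line quoted above and audits a directory for private host keys carrying any group or other permission bits. The function names and the 0o077 mask are assumptions for illustration, the mask being inferred from the "Permissions 0640 ... too open" message and the fix to 600.

```python
import re
import stat
from pathlib import Path

# sshd message format as quoted in the post, matched after the journal prefix.
TOO_OPEN = re.compile(
    r"Permissions (?P<mode>[0-7]{3,4}) for '(?P<path>[^']+)' are too open")

def group_other_bits(mode: int) -> int:
    """Return the group/other permission bits (assumed mask 0o077) set in mode."""
    return stat.S_IMODE(mode) & 0o077

def rejected_keys(log_lines):
    """Yield (path, mode) for each key file sshd reported as too open."""
    for line in log_lines:
        m = TOO_OPEN.search(line)
        if m:
            yield m.group("path"), int(m.group("mode"), 8)

def audit_host_keys(directory="/etc/ssh"):
    """Return {path: octal mode} for private host keys with group/other access.

    The glob ends in "_key", so the public "*.pub" halves are not inspected.
    """
    findings = {}
    for key in sorted(Path(directory).glob("ssh_host_*_key")):
        st = key.lstat()
        if stat.S_ISREG(st.st_mode) and group_other_bits(st.st_mode):
            findings[str(key)] = format(stat.S_IMODE(st.st_mode), "04o")
    return findings

# Log lines taken from the post, rejoined from the wrapped e-mail text.
SAMPLE_LOG = [
    "Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: Permissions 0640 for "
    "'/etc/ssh/ssh_host_rsa_key' are too open.",
    "Apr 03 05:27:21 atomic-00.localdomain sshd[5183]: Could not load host "
    "key: /etc/ssh/ssh_host_rsa_key",
]

if __name__ == "__main__":
    for path, mode in rejected_keys(SAMPLE_LOG):
        extra = group_other_bits(mode)
        print(f"sshd rejected {path}: mode {mode:04o}, extra bits {extra:03o}")
    for path, mode in audit_host_keys().items():
        print(f"{path}: mode {mode}, expected 0600")
```
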