[atomic-devel] SSH broken after rebase to f22 local build
- From: Stef Walter <stefw redhat com>
- To: Colin Walters <walters verbum org>, Stef Walter <stefw redhat com>, atomic-devel projectatomic io
- Subject: [atomic-devel] SSH broken after rebase to f22 local build
- Date: Fri, 27 Mar 2015 08:45:54 +0100
On 13.03.2015 13:16, Colin Walters wrote:
> On Sun, Mar 8, 2015, at 01:59 PM, Stef Walter wrote:
>>
>> Tried it out, and after the rebase/reboot I could no longer SSH into the
>> atomic host. sshd would drop my connection while negotiating host keys.
>> I don't have time to debug this right now, but suspect it is orthogonal
>> to Cockpit.
>
> This was likely:
> https://git.fedorahosted.org/cgit/fedora-atomic.git/commit/?id=debbecbc6cec7ae494f26703d0ae28b2c53b0e26
>
> Both rawhide and F22 now use F21's uid/gid assignments.
I still see a failure to SSH in due to "UNPROTECTED KEY FILE" with a
tree that was generated from a fedora-atomic.git f22 branch including
this commit.
(cherry-picked peer: 2931308a9034c9d752384f00ed2a4684610d0dbe)
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: It is recommended that your private key files are NOT accessible by others.
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: This private key will be ignored.
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: key_load_private: bad permissions
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: fatal: No supported key exchange algorithms [preauth]
All the private key files in /etc/ssh have 640 permissions.
Logging in on the console of the Atomic Host, and running this fixed the
issue:
# sudo chmod 600 /etc/ssh/*key
Obviously this is a bug that would cause remote Fedora Atomic Hosts to
be unusable.
Stef
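
An added example, not part of the message above or of any Fedora Atomic tooling: a shell check that flags sshd host private keys whose mode grants any access to group or others, which is the condition sshd reports for 0640 in the log. The function names and the scratch-directory demo are constructed for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Requires GNU stat (coreutils), as shipped on Fedora.

# Print "MODE PATH" for each host private key in DIR (default /etc/ssh) whose
# mode grants any access to group or others. Returns 1 if any were found.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    bad=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue            # unmatched glob or not a regular file
        mode=$(stat -c '%a' "$key") || continue
        # 077 masks the group and other permission bits
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$key"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo in a scratch directory: one key at 0640 as in the log above,
# one at 0600, and a public key, which the *_key glob does not match.
demo() {
    tmp=$(mktemp -d) || return 1
    for f in ssh_host_ed25519_key ssh_host_rsa_key ssh_host_rsa_key.pub; do
        : > "$tmp/$f"
    done
    chmod 640 "$tmp/ssh_host_ed25519_key"
    chmod 600 "$tmp/ssh_host_rsa_key"
    chmod 644 "$tmp/ssh_host_rsa_key.pub"
    before=$(audit_host_keys "$tmp" | wc -l)
    chmod 600 "$tmp"/ssh_host_*_key          # same fix as in the message, scoped to host keys
    after=$(audit_host_keys "$tmp" | wc -l)
    rm -rf "$tmp"
    echo "flagged before fix: $before, after fix: $after"
}

demo
```

Run with no argument, `audit_host_keys` inspects `/etc/ssh`; its exit status makes it usable as a post-rebase check before the host is rebooted out of console reach.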