Jesse Armand
2008-Oct-08 01:30 UTC
Problem with sshd host key checking, for my own build with custom prefix
Hello openssh developers,

I was building openssh-4.7p, and it builds successfully with my own prefix (--prefix=/path/to/sshd).
The problem is when I execute sshd, it warns about permission being too open:

hostname:/path root# /path/to/sshd -t -f /path/to/sshd_config
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0534 for '(null)' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /path/to/ssh_host_key
Could not load host key: /path/to/ssh_host_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0536 for '(null)' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /path/to/ssh_host_rsa_key
Could not load host key: /path/to/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0532 for '(null)' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /path/to/ssh_host_dsa_key
Could not load host key: /path/to/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
sshd: no hostkeys available -- exiting.

These are the host key file permissions:
-rw------- 1 root wheel 672 Oct 7 10:11 ssh_host_dsa_key
-rw-r--r-- 1 root wheel 609 Oct 7 10:11 ssh_host_dsa_key.pub
-rw------- 1 root wheel 982 Oct 7 10:11 ssh_host_key
-rw-r--r-- 1 root wheel 646 Oct 7 10:11 ssh_host_key.pub
-rw------- 1 root wheel 1675 Oct 7 10:11 ssh_host_rsa_key
-rw-r--r-- 1 root wheel 401 Oct 7 10:11 ssh_host_rsa_key.pub

Does anybody know what went wrong?

Other than that, why does sshd check for host keys in /path/to/ssh, instead of /path/to/ssh/etc, which is the given sysconfdir?
So I have to manually copy everything to the parent directory.

Jesse Armand
----------------------------------------
(http://jessearm.blogspot.com)
Jesse Armand
2008-Oct-08 01:34 UTC
Problem with sshd host key checking, for my own build with custom prefix
Additional info:

I was building openssh on Mac OS X 10.5 for arm-apple-darwin host.
But I didn't change anything in the code, I only did some adjustments on configure.ac and Makefile.in, with appropriate LDFLAGS, and CFLAGS, and I also used openssl-0.9.8g built for arm-apple-darwin host.

Jesse Armand
----------------------------------------
(http://jessearm.blogspot.com)

On Wed, Oct 8, 2008 at 8:30 AM, Jesse Armand <mnemonic.fx at gmail.com> wrote:
> Hello openssh developers,
>
> I was building openssh-4.7p, and it builds successfully with my own
> prefix (--prefix=/path/to/sshd).
> The problem is when I execute sshd, it warns about permission being too open:
>
> hostname:/path root# /path/to/sshd -t -f /path/to/sshd_config
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0534 for '(null)' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /path/to/ssh_host_key
> Could not load host key: /path/to/ssh_host_key
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0536 for '(null)' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /path/to/ssh_host_rsa_key
> Could not load host key: /path/to/ssh_host_rsa_key
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0532 for '(null)' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /path/to/ssh_host_dsa_key
> Could not load host key: /path/to/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> sshd: no hostkeys available -- exiting.
>
> These are the host key file permissions:
> -rw------- 1 root wheel 672 Oct 7 10:11 ssh_host_dsa_key
> -rw-r--r-- 1 root wheel 609 Oct 7 10:11 ssh_host_dsa_key.pub
> -rw------- 1 root wheel 982 Oct 7 10:11 ssh_host_key
> -rw-r--r-- 1 root wheel 646 Oct 7 10:11 ssh_host_key.pub
> -rw------- 1 root wheel 1675 Oct 7 10:11 ssh_host_rsa_key
> -rw-r--r-- 1 root wheel 401 Oct 7 10:11 ssh_host_rsa_key.pub
>
> Does anybody know what went wrong?
>
> Other than that, why does sshd check for host keys in
> /path/to/ssh, instead of /path/to/ssh/etc, which is the given
> sysconfdir?
> So I have to manually copy everything to the parent directory.
>
>
> Jesse Armand
> ----------------------------------------
> (http://jessearm.blogspot.com)
>