bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-10 04:58 UTC
[Bug 1694] New: If authorized_keys exists but can not be opened, this should be logged on server
https://bugzilla.mindrot.org/show_bug.cgi?id=1694
Summary: If authorized_keys exists but can not be opened, this
should be logged on server
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: rafal.maj.it at gmail.com
If authorized_keys exists, but has chmod 000, or .ssh has chmod 000 or
600, or for other reason it can not be read by server, then there is
little clue, in the logs, what is going on.
Just:
debug1: trying public key file /home/userfoo/.ssh/authorized_keys
debug1: restore_uid: 0/0
Admin should be informed that there was some problem accessing
authorized_keys (other then not-existing file).
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-10 05:04 UTC
[Bug 1694] If authorized_keys exists but can not be opened, this should be logged on server
https://bugzilla.mindrot.org/show_bug.cgi?id=1694 --- Comment #1 from Rafa? Maj <rafal.maj.it at gmail.com> 2010-01-10 16:04:18 EST --- Also in Ubuntu https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/505301 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-10 05:06 UTC
[Bug 1694] If authorized_keys exists but can not be opened, this should be logged on server
https://bugzilla.mindrot.org/show_bug.cgi?id=1694 --- Comment #2 from Rafa? Maj <rafal.maj.it at gmail.com> 2010-01-10 16:06:33 EST --- Created an attachment (id=1771) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1771) More log/debug about why authorized_keys could not be used This will provide more information. On DebugLevel INFO it will only inform when there was I/O error when accessing existing .ssh/authorized_keys file (like, 000 permitions etc) On DEBUG3 it will also inform if the file simply was not existing to make full log clear about this. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-10 07:08 UTC
[Bug 1694] If authorized_keys exists but can not be opened, this should be logged on server
https://bugzilla.mindrot.org/show_bug.cgi?id=1694
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
Blocks| |1626
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2010-01-10
18:08:35 EST ---
The keyfile not existing is not unusual (it's the default state) and is
probably not worth mentioning. Adding a debug message for the rest
seems reasonable as long as we don't editorialize too much.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-10 07:09 UTC
[Bug 1694] If authorized_keys exists but can not be opened, this should be logged on server
https://bugzilla.mindrot.org/show_bug.cgi?id=1694 --- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2010-01-10 18:09:43 EST --- Created an attachment (id=1772) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1772) ssh-pubkey-debug.patch Output a debug if we can't open an existing keyfile. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-10 07:18 UTC
[Bug 1694] If authorized_keys exists but can not be opened, this should be logged on server
https://bugzilla.mindrot.org/show_bug.cgi?id=1694
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #5 from Darren Tucker <dtucker at zip.com.au> 2010-01-10
18:18:51 EST ---
Patch #1772 has been applied and will be in the 5.4 release. Thanks
for the report.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-25 23:51 UTC
[Bug 1694] If authorized_keys exists but can not be opened, this should be logged on server
https://bugzilla.mindrot.org/show_bug.cgi?id=1694
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #6 from Darren Tucker <dtucker at zip.com.au> 2010-03-26
10:51:26 EST ---
With the release of 5.4p1, this bug is now considered closed.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.