openssh bugs - Mar 2015 - [Bug 2364] New: Incorrect .ssh parent directory permissions not logged

https://bugzilla.mindrot.org/show_bug.cgi?id=2364

            Bug ID: 2364
           Summary: Incorrect .ssh parent directory permissions not logged
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: ix86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: murph.murphy at oracle.com

Created attachment 2566
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2566&action=edit
Output of ssh -v

Overview
  Attempting to ssh (using a key) into a machine that has correct .ssh
  folder permissions but incorrect home directory permissions results
in 
  unexpected behaviour. Instead of logging a message about incorrect 
  permissions, it logs attempts to try keyfiles that don't exist 
  interspersed with messages about which auth methods can continue.

Steps to Reproduce
  1) Set up (rsa) keys between client and server normally.
  2) Set server home directory to world writable.
  3) Attempt to ssh to the server.

Expected Results
  Fails to password, but prints a line in the verbose output about the
  reason being incorrect .ssh parent folder permissions.

Actual Results
  Asks for a password to log in. Verbose mode shows that it is trying a
  several keys that both exist and don't exist, printing a message 
  about what auth modes are allowed, but no information about incorrect 
  permissions.

Versioning
  Server
     OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
  Client
     OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
  The exact same problem occurs between two machines on
  OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 as well.

Additional Information

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2364

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Murph Murphy from comment #0)
>    Server
>      OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
That's a 5+ year old version of the server and I think the problem you
are reporting was fixed a bit over 4 years ago:

https://anongit.mindrot.org/openssh.git/commit/?id=48147d6801be6b9158c4bcedce6c67b0d591d642

Can you reproduce the problem with a current version on the server
side?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2364

Murph Murphy <murph.murphy at oracle.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #2 from Murph Murphy <murph.murphy at oracle.com> ---
Nope! Don't know how I missed that update, couldn't find anything in my
search before I posted.

Thanks!

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2364

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.