Problem with sshd host key checking,for my own build with custom prefix - openssh

This is a discussion on Problem with sshd host key checking,for my own build with custom prefix - openssh ; Hello openssh developers, I was builiding openssh-4.7p, and it builds successfully with my own prefix (--prefix=/path/to/sshd). The problem is when I execute sshd, it warns about permission being too open: hostname:/path root# /path/to/sshd -t -f /path/to/sshd_config @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ @ WARNING: ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Problem with sshd host key checking,for my own build with custom prefix

  1. Problem with sshd host key checking,for my own build with custom prefix

    Hello openssh developers,

    I was builiding openssh-4.7p, and it builds successfully with my own
    prefix (--prefix=/path/to/sshd).
    The problem is when I execute sshd, it warns about permission being too open:

    hostname:/path root# /path/to/sshd -t -f /path/to/sshd_config
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    Permissions 0534 for '(null)' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /path/to/ssh_host_key
    Could not load host key: /path/to/ssh_host_key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    Permissions 0536 for '(null)' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /path/to/ssh_host_rsa_key
    Could not load host key: /path/to/ssh_host_rsa_key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    Permissions 0532 for '(null)' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /path/to/ssh_host_dsa_key
    Could not load host key: /path/to/ssh_host_dsa_key
    Disabling protocol version 1. Could not load host key
    sshd: no hostkeys available -- exiting.

    This is the host keys file permissions:
    -rw------- 1 root wheel 672 Oct 7 10:11 ssh_host_dsa_key
    -rw-r--r-- 1 root wheel 609 Oct 7 10:11 ssh_host_dsa_key.pub
    -rw------- 1 root wheel 982 Oct 7 10:11 ssh_host_key
    -rw-r--r-- 1 root wheel 646 Oct 7 10:11 ssh_host_key.pub
    -rw------- 1 root wheel 1675 Oct 7 10:11 ssh_host_rsa_key
    -rw-r--r-- 1 root wheel 401 Oct 7 10:11 ssh_host_rsa_key.pub

    Does anybody knows what went wrong?

    Other than that why does the sshd checks for host keys in
    /path/to/ssh, instead of /path/to/ssh/etc, which is the give
    sysconfdir ?
    So I have to manually copy everything to the parent directory.


    Jesse Armand
    ----------------------------------------
    (http://jessearm.blogspot.com)
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  2. Re: Problem with sshd host key checking,for my own build with custom prefix

    Additional info:

    I was building openssh on Mac OS X 10.5 for arm-apple-darwin host.

    But I didn't change anything in the code, I only did some adjustments
    on configure.ac and Makefile.in, with appropriate LDFLAGS, and CFLAGS,
    and I also used openssl-0.9.8g built for arm-apple-darwin host.

    Jesse Armand
    ----------------------------------------
    (http://jessearm.blogspot.com)



    On Wed, Oct 8, 2008 at 8:30 AM, Jesse Armand wrote:
    > Hello openssh developers,
    >
    > I was builiding openssh-4.7p, and it builds successfully with my own
    > prefix (--prefix=/path/to/sshd).
    > The problem is when I execute sshd, it warns about permission being too open:
    >
    > hostname:/path root# /path/to/sshd -t -f /path/to/sshd_config
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > Permissions 0534 for '(null)' are too open.
    > It is recommended that your private key files are NOT accessible by others.
    > This private key will be ignored.
    > bad permissions: ignore key: /path/to/ssh_host_key
    > Could not load host key: /path/to/ssh_host_key
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > Permissions 0536 for '(null)' are too open.
    > It is recommended that your private key files are NOT accessible by others.
    > This private key will be ignored.
    > bad permissions: ignore key: /path/to/ssh_host_rsa_key
    > Could not load host key: /path/to/ssh_host_rsa_key
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > Permissions 0532 for '(null)' are too open.
    > It is recommended that your private key files are NOT accessible by others.
    > This private key will be ignored.
    > bad permissions: ignore key: /path/to/ssh_host_dsa_key
    > Could not load host key: /path/to/ssh_host_dsa_key
    > Disabling protocol version 1. Could not load host key
    > sshd: no hostkeys available -- exiting.
    >
    > This is the host keys file permissions:
    > -rw------- 1 root wheel 672 Oct 7 10:11 ssh_host_dsa_key
    > -rw-r--r-- 1 root wheel 609 Oct 7 10:11 ssh_host_dsa_key.pub
    > -rw------- 1 root wheel 982 Oct 7 10:11 ssh_host_key
    > -rw-r--r-- 1 root wheel 646 Oct 7 10:11 ssh_host_key.pub
    > -rw------- 1 root wheel 1675 Oct 7 10:11 ssh_host_rsa_key
    > -rw-r--r-- 1 root wheel 401 Oct 7 10:11 ssh_host_rsa_key.pub
    >
    > Does anybody knows what went wrong?
    >
    > Other than that why does the sshd checks for host keys in
    > /path/to/ssh, instead of /path/to/ssh/etc, which is the give
    > sysconfdir ?
    > So I have to manually copy everything to the parent directory.
    >
    >
    > Jesse Armand
    > ----------------------------------------
    > (http://jessearm.blogspot.com)
    >

    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


+ Reply to Thread