RE: SSH Server permissions

D_at_7@k|N&
Date: 02/13/04

    To: <fedora-list@redhat.com>
    Date: Thu, 12 Feb 2004 23:21:03 -0800
    
    

    I think the permissions are supposed to be set to 0600. If you delete
    the keys, then try to start sshd using the init scripts
    (/etc/init.d/sshd start), it will try to recreate the keys, and should
    set the appropriate permissions for you. But if not, I am pretty sure
    that the permissions should be set to 0600.

     

    -=D@7@k|N&=-

    -----Original Message-----
    From: fedora-list-admin@redhat.com [mailto:fedora-list-admin@redhat.com]
    On Behalf Of Ragone_Andrew
    Sent: Thursday, February 12, 2004 8:15 PM
    To: fedora-list@redhat.com
    Subject: SSH Server permissions

     

    I keep getting this error on start...I tried chmod 1775 but that doesn't
    work either...any ideas on what the perms are?

    Failed to start SSH server : Starting sshd:
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0775 for '/etc/ssh/ssh_host_key' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /etc/ssh/ssh_host_key
    Could not load host key: /etc/ssh/ssh_host_key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0775 for '/etc/ssh/ssh_host_rsa_key' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
    Could not load host key: /etc/ssh/ssh_host_rsa_key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0775 for '/etc/ssh/ssh_host_dsa_key' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
    Could not load host key: /etc/ssh/ssh_host_dsa_key
    Disabling protocol version 1. Could not load host key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available -- exiting.
    [FAILED]

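The check behind the "UNPROTECTED PRIVATE KEY FILE" warning and the 0600 fix suggested in the reply, as an added shell example that is not part of either message. It assumes GNU stat (`stat -c`), the function names are hypothetical, and the demo runs only on empty, constructed stand-in files in a scratch directory.

```shell
#!/bin/sh
# Added example: audit and repair sshd host private key modes.
# Assumes GNU stat (stat -c), as on Fedora; function names are hypothetical.

# Print each host private key file found in directory $1 (default /etc/ssh).
host_private_keys() {
    dir=${1:-/etc/ssh}
    for f in "$dir"/ssh_host_key "$dir"/ssh_host_*_key; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Return 0 when file $1 grants nothing to group or other (mode & 077 == 0).
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print "mode path" for every host key with group/other bits set.
audit_host_keys() {
    host_private_keys "$1" | while IFS= read -r f; do
        key_mode_ok "$f" || printf '%s %s\n' "$(stat -c '%a' "$f")" "$f"
    done
}

# Set every host private key in $1 to 0600, the mode given in the reply.
fix_host_keys() {
    host_private_keys "$1" | while IFS= read -r f; do
        chmod 0600 "$f"
    done
}

# Build a scratch directory of empty, constructed stand-in key files at 0775.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for n in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        : > "$d/$n"; chmod 0775 "$d/$n"
    done
    : > "$d/ssh_host_rsa_key.pub"; chmod 0644 "$d/ssh_host_rsa_key.pub"
    printf '%s\n' "$d"
}

# Demo on the constructed files only; point the functions at /etc/ssh as root.
sample=$(make_sample_dir)
echo "before:"; audit_host_keys "$sample"
fix_host_keys "$sample"
echo "after:";  audit_host_keys "$sample"
rm -rf "$sample"
```

The audit flags any group or other bit, so a key at 0640 is reported as well as one at 0775, and the `.pub` files are left alone because the glob matches only names ending in `_key`.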
    
