Tom Horsley wrote:
I spent hours at work today getting sshd to function on
my desktop which I just switched to booting from the
fedora 18 partition. I finally discovered this:
[root@zooty ~]# ls -l /etc/ssh
total 276
-rw------- 1 root root 245058 Dec 3 11:43 moduli
-rw-r--r-- 1 root root 2104 Dec 3 11:43 ssh_config
-r--------. 1 root ssh_keys 668 Dec 5 20:35 ssh_host_dsa_key
-rw-r--r--. 1 root root 590 Dec 5 20:35 ssh_host_dsa_key.pub
-r--------. 1 root ssh_keys 963 Dec 5 20:35 ssh_host_key
-rw-r--r--. 1 root root 627 Dec 5 20:35 ssh_host_key.pub
-r--------. 1 root ssh_keys 1675 Dec 5 20:35 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Dec 5 20:35 ssh_host_rsa_key.pub
-rw------- 1 root root 4615 Dec 26 14:47 sshd_config
The private key files now want to be group "ssh_keys".
If, like me, you've been copying your /etc/ssh host key files
from release to release in order to preserve your machine's
ssh identity, then you may not have the group correct after
the copy (depending on if you overwrite or replace).
Without the correct group on the hostkey files, every attempt
at an ssh connection of any kind results in a "connection
closed" error and much confusion :-).
Since no one but root can get at these files anyway, it smacks of "security thru
obscurity" for sure. There's no extra access to be had, just more change for the
sake of change. The upgrade process remains badly broken, it seems.
The more I learn about fc18, the more I'm convinced that the whole install or
upgrade area did not get proper attention and testing.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
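
A check for the condition described in the thread, as an added example that is not part of either poster's message: it reports private host key files in a directory whose owner, group or mode differs from what is expected, so a copied-over key set can be verified before sshd starts rejecting connections. The function name `check_hostkeys`, its arguments and the mode rule (group at most read, no access for others) are assumptions of this example; it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: audit owner/group/mode of sshd private host keys.
# Assumptions: GNU stat (coreutils); group defaults to "ssh_keys" and
# owner to "root" as in the listing above; directory defaults to /etc/ssh.
#
# Usage: check_hostkeys [DIR] [GROUP] [OWNER]
# Prints one line per problem. Returns 0 if every key passes, 1 if any
# key fails, 2 if no private host key files were found.
check_hostkeys() {
    dir=${1:-/etc/ssh}
    want_group=${2:-ssh_keys}
    want_owner=${3:-root}
    found=0
    bad=0
    # Matches ssh_host_key, ssh_host_rsa_key, ...; *.pub files do not match.
    for key in "$dir"/ssh_host_*key; do
        [ -f "$key" ] || continue
        found=1
        owner=$(stat -c %U "$key")
        group=$(stat -c %G "$key")
        mode=$(stat -c %a "$key")
        if [ "$owner" != "$want_owner" ]; then
            echo "$key: owner is $owner, expected $want_owner"
            bad=1
        fi
        if [ "$group" != "$want_group" ]; then
            echo "$key: group is $group, expected $want_group"
            bad=1
        fi
        # Accept octal modes whose group digit is 0 or 4 and whose
        # "other" digit is 0 (for example 400, 600, 640).
        case $mode in
            0|*[04]0) ;;
            *)
                echo "$key: mode $mode (group may only read, others get nothing)"
                bad=1
                ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "$dir: no private host key files found"
        return 2
    fi
    return "$bad"
}
```

Run as root with no arguments, it checks /etc/ssh against root:ssh_keys.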