On 23.01.2013 18:38, Bill Davidsen wrote:
> Tom Horsley wrote:
>> I spent hours at work today getting sshd to function on
>> my desktop which I just switched to booting from the
>> fedora 18 partition. I finally discovered this:
>>
>> [root@zooty ~]# ls -l /etc/ssh
>> total 276
>> -rw------- 1 root root 245058 Dec 3 11:43 moduli
>> -rw-r--r-- 1 root root 2104 Dec 3 11:43 ssh_config
>> -r--------. 1 root ssh_keys 668 Dec 5 20:35 ssh_host_dsa_key
>> -rw-r--r--. 1 root root 590 Dec 5 20:35 ssh_host_dsa_key.pub
>> -r--------. 1 root ssh_keys 963 Dec 5 20:35 ssh_host_key
>> -rw-r--r--. 1 root root 627 Dec 5 20:35 ssh_host_key.pub
>> -r--------. 1 root ssh_keys 1675 Dec 5 20:35 ssh_host_rsa_key
>> -rw-r--r--. 1 root root 382 Dec 5 20:35 ssh_host_rsa_key.pub
>> -rw------- 1 root root 4615 Dec 26 14:47 sshd_config
>>
>> The private key files now want to be group "ssh_keys".
>>
>> If, like me, you've been copying your /etc/ssh host key files
>> from release to release in order to preserve your machine's
>> ssh identity, then you may not have the group correct after
>> the copy (depending on if you overwrite or replace).
>>
>> Without the correct group on the hostkey files, every attempt
>> at an ssh connection of any kind results in a "connection
>> closed" error and much confusion :-).
>>
> Since no one but root can get at these files anyway, it smacks of
> "security thru obscurity" for sure. There's no extra access to be had,
> just more change for the sake of change. The upgrade process remains
> to be badly broken, it seems.
>
> The more I learn about fc18, the more I'm convinced that the whole
> install or upgrade area did not get proper attention and testing.

it is simply not generally true in case of sshd because how would my 7
until now with yum from F17 to F18 upgraded machines with the
permissions below work? maybe some SELinux thing!

openssh-server-6.1p1-4.fc18.x86_64

[root@rh:~]$ ls /etc/ssh/
insgesamt 304K
-rw------- 1 root root 240K 2012-12-03 17:43 moduli
-rw-r--r-- 1 root root  25K 2013-01-15 11:25 ssh_config
-rw------- 1 root root 2,0K 2012-11-16 01:43 sshd_config
-rw------- 1 root root  668 2008-05-16 00:04 ssh_host_dsa_key
-rw------- 1 root root  963 2008-05-16 00:04 ssh_host_key
-rw------- 1 root root 1,7K 2008-05-16 00:04 ssh_host_rsa_key
-rw-r--r-- 1 root root  590 2008-05-16 00:04 ssh_host_dsa_key.pub
-rw-r--r-- 1 root root  627 2008-05-16 00:04 ssh_host_key.pub
-rw-r--r-- 1 root root  382 2008-05-16 00:04 ssh_host_rsa_key.pub
-rw------- 1 root root 4,3K 2012-12-03 17:43 sshd_config.rpmnew
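
An added example, not part of the thread: a small audit that records owner, group and mode of each private host key file, so a copied /etc/ssh can be compared against either listing above. The function names and the optional `expected_group` parameter are assumptions of this sketch; whether a given sshd build requires the `ssh_keys` group is exactly what the posters disagree on, and the script does not decide it.

```python
import glob
import grp
import os
import pwd
import stat


def name_of(lookup, ident):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)


def audit_host_keys(directory="/etc/ssh", expected_owner="root", expected_group=None):
    """Return one record per private host key file in `directory`.

    expected_group is optional: pass "ssh_keys" to compare against the
    Fedora 18 listing quoted in the thread (an assumption about what the
    local package expects, not something this script can verify).
    """
    records = []
    # Matches ssh_host_key, ssh_host_rsa_key, ... but not the *.pub files.
    for path in sorted(glob.glob(os.path.join(directory, "ssh_host_*key"))):
        st = os.lstat(path)
        owner = name_of(pwd.getpwuid, st.st_uid)
        group = name_of(grp.getgrgid, st.st_gid)
        problems = []
        if not stat.S_ISREG(st.st_mode):
            problems.append("not a regular file")
        if st.st_mode & 0o077:
            problems.append("accessible by group or other")
        if owner != expected_owner:
            problems.append(f"owner is {owner}, expected {expected_owner}")
        if expected_group is not None and group != expected_group:
            problems.append(f"group is {group}, expected {expected_group}")
        records.append({"file": os.path.basename(path),
                        "mode": stat.filemode(st.st_mode),
                        "owner": owner, "group": group, "problems": problems})
    return records


if __name__ == "__main__":
    for rec in audit_host_keys():
        status = "; ".join(rec["problems"]) or "ok"
        print(f'{rec["mode"]} {rec["owner"]}:{rec["group"]} {rec["file"]}: {status}')
```

Run it as root before and after copying the key files between installs; a change in the owner, group or mode column shows what the copy altered.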