openssh permissions
openssh permissions - Aug. 22, '05, 8:02:47 AM
mnorris
When updating openssh I get the following messages:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0775 for '/usr/local/etc/ssh_host_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0775 for '/usr/local/etc/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0775 for '/usr/local/etc/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /usr/local/etc/ssh_host_dsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
What are the proper permissions?
Regards,
MNorris
RE: openssh permissions - Aug. 22, '05, 9:33:39 AM
Rodney
These files are generated at installation unless they exist from a previous installation.
These contain the keys exchanged with ssh clients to authenticate.
At installation the key generate is run in case the files don't exist. If the
files do exist the permissions check is done. The permissions should be 0600 with
an owner of Administrator (group of +Administrators). If the permissions are more
permissive than 0600 (and 0775 is) then that's a sign that the files have been either
fiddled with or that possibly someone who should be looking at the keys can; a potential
security problem. So the files get ignored.
Note that if you force a regeneration of the files the keys for the server will change
and all clients that have previously connected will (or should) get a warning when
they connect. Changed keys can be a sign of a security problem such as a "man-in-the-middle"
or IP spoof. So clients connecting should treat such warning messages seriously.
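
The permission rule described in the reply above, as an added shell example (not part of the original posts and not the project's own code): it flags any key file with group or other permission bits set, the condition behind the "too open" warning, and can tighten such a file to 0600 in place. The function names are hypothetical, and ownership (Administrator in the reply) is not checked here.

```shell
#!/bin/sh
# Added example: audit private host key files for group/other access.
# A key is "too open" when any bit outside the owner's is set (mode & 077),
# which is why 0775 is rejected and 0600 is accepted.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file has no group/other permission bits set.
key_mode_ok() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_host_keys report|fix FILE...
# "report" only lists problems; "fix" tightens too-open files to 0600.
# The return value is the number of key files still too open.
audit_host_keys() {
    action=$1; shift
    bad=0
    for key in "$@"; do
        [ -f "$key" ] || { echo "missing:  $key"; continue; }
        if key_mode_ok "$key"; then
            echo "ok:       $key ($(file_mode "$key"))"
        elif [ "$action" = fix ] && chmod 600 "$key"; then
            echo "fixed:    $key -> 600"
        else
            echo "too open: $key ($(file_mode "$key"))"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# With no arguments, report on the three paths named in the thread.
if [ $# -eq 0 ]; then
    set -- report /usr/local/etc/ssh_host_key \
        /usr/local/etc/ssh_host_rsa_key /usr/local/etc/ssh_host_dsa_key
fi
audit_host_keys "$@" || echo "$? key file(s) too open"
```

Passing `fix` followed by the key paths tightens the files instead of only reporting. Because the existing keys are kept rather than regenerated, clients that connected before see no changed-host-key warning.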