openssh permissions

 
openssh permissions - Aug. 22, '05, 8:02:47 AM   
mnorris

 

When updating openssh I get the following messages:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0775 for '/usr/local/etc/ssh_host_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0775 for '/usr/local/etc/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0775 for '/usr/local/etc/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /usr/local/etc/ssh_host_dsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.



What are the proper permissions?

Regards,
MNorris
Post #: 1
RE: openssh permissions - Aug. 22, '05, 9:33:39 AM   
Rodney

 

From: /Tools lab
These files are generated at installation unless they exist from a previous installation.
These contain the keys exchanged with ssh clients to authenticate.
At installation the key generation is run in case the files don't exist. If the
files do exist, the permissions check is done. The permissions should be 0600 with
an owner of Administrator (group of +Administrators). If the permissions are more
permissive than 0600 (and 0775 is) then that's a sign that the files have been either
fiddled with or that possibly someone who should be looking at the keys can; a potential
security problem. So the files get ignored.

Note that if you force a regeneration of the files the keys for the server will change
and all clients that have previously connected will (or should) get a warning when
they connect. Changed keys can be a sign of a security problem such as a "man-in-the-middle"
or IP spoof. So clients connecting should treat such warning messages seriously.

(in reply to mnorris)
Post #: 2
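
An added example, not part of either post and not the vendor's installer code: a small POSIX shell audit for the host key files named in the error output, which reports any private key with group or other permission bits set and can tighten it to 0600 in place so the existing keys are kept. The function names are hypothetical, the directory is the one from the messages above, and ownership (Administrator in the reply) is not checked here.

```shell
#!/bin/sh
# Added example: audit (and optionally tighten) sshd host key permissions.
# Function names are hypothetical; pass the directory holding the keys,
# e.g. /usr/local/etc as shown in the error output above.

# key_mode_ok FILE -> exit status 0 if no group/other permission bits are set.
key_mode_ok() {
    # ls -ld prints a mode string such as "-rwxrwxr-x";
    # characters 5-10 are the group and other permission bits.
    bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# audit_host_keys DIR [fix]
# Prints each private host key that is too open. With "fix" as the second
# argument it runs chmod 600 on the file instead of regenerating the key.
# Returns the number of keys that are still too open when it finishes.
audit_host_keys() {
    dir=$1; fix=${2:-}; bad=0
    # ssh_host_key (protocol 1) plus ssh_host_rsa_key, ssh_host_dsa_key, ...
    # The *.pub files do not match this pattern and are left alone.
    for key in "$dir"/ssh_host_key "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue          # skip unmatched globs
        key_mode_ok "$key" && continue
        echo "too open: $(ls -ld -- "$key")"
        if [ "$fix" = "fix" ]; then
            # Keeps the existing key, so clients see no host key change.
            chmod 600 -- "$key" && key_mode_ok "$key" && continue
        fi
        bad=$((bad + 1))
    done
    return "$bad"
}

# Usage:
#   audit_host_keys /usr/local/etc        # report only
#   audit_host_keys /usr/local/etc fix    # chmod 600 in place
```
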