Bug#314649: Bug#314347: openssh-client: Bad owner or permissions on $HOME/.ssh/config check too aggressive
tags 314347 pending
thanks

On Wed, Jun 15, 2005 at 03:59:38PM -0500, Branden Robinson wrote:
> 1148 {0} [EMAIL PROTECTED]:~/packages/xorg-x11/svn/trunk/debian$ svn up
> Bad owner or permissions on /home/branden/.ssh/config
> svn: Connection closed unexpectedly
> 1149 {1} [EMAIL PROTECTED]:~/packages/xorg-x11/svn/trunk/debian$ l -l $HOME/.ssh/config
> -rw-rw-r-- 1 branden branden 125 Jun 26 2004 /home/branden/.ssh/config
> 1150 {0} [EMAIL PROTECTED]:~/packages/xorg-x11/svn/trunk/debian$ chmod 644 /home/branden/.ssh/config
> 1151 {0} [EMAIL PROTECTED]:~/packages/xorg-x11/svn/trunk/debian$ svn up
> At revision 220.
>
> I think that check is excessively paranoid.

Evidently I made all my ~/.ssh/config files mode 0644 ages ago for some other reason, since I never noticed this change in behaviour ...

> I can think of a few possibilities for resolving this bug:
[...]
> 2) Simply tolerate group-writable files if the group name in question is
>    identical to the user name.
>
> 3) Alternatively or additionally to 2), ensure that the user is the only
>    member of the group owning the group-writable file.

The combination of these two suggestions seems to be the best fix. I've implemented this in CVS and sent a patch upstream.

> 5) As part of the many migrations done to the new openssh world order, walk
>    /home and chmod g-w on all .ssh/config files. Some people might consider
>    this intrusive, though, and it doesn't prevent the creation of new
>    accounts with this problem.

That would run into problems with NFS, too.

On Fri, Jun 17, 2005 at 12:59:45PM -0400, Frederic Briere wrote:
> I assume this is an attempt to make sure ~/.ssh/config is 0600 or
> something.

Actually, it's really to check that it's not *writable* by other parties. The relevant ChangeLog entry says:

   - [EMAIL PROTECTED] 2004/04/18 23:10:26
     [readconf.c readconf.h ssh-keysign.c ssh.c]
     perform strict ownership and modes checks for ~/.ssh/config files,
     as these can be used to execute arbitrary programs; ok markus@
     NB. ssh will now exit when it detects a config with poor permissions

> * There's no mention of this behavior in the documentation

ssh(1) says:

     $HOME/.ssh/config
             This is the per-user configuration file. The file format and
             configuration options are described in ssh_config(5). Because
             of the potential for abuse, this file must have strict
             permissions: read/write for the user, and not accessible by
             others.

ssh_config(5) has similar text.

Cheers,

--
Colin Watson [EMAIL PROTECTED]

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
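The relaxed rule discussed in the message above (suggestions 2 and 3 combined), written out as an added example; it is not part of the original messages and is not the Debian or OpenSSH patch. The function names are hypothetical, and the strict baseline (owner is the user or root, no group or world write bit) is this example's assumption about the check being relaxed.

```python
import grp
import os
import pwd
import stat


def perms_ok(mode, owner_uid, uid, user, group, members, relaxed=True):
    """Decide whether a per-user ssh config with these attributes is acceptable.

    members: names of every account in the owning group, primary or supplementary.
    """
    if owner_uid not in (0, uid):      # assumed baseline: owner is the user or root
        return False
    if mode & stat.S_IWOTH:            # world-writable is never tolerated
        return False
    if not mode & stat.S_IWGRP:        # not group-writable: the strict rule passes
        return True
    if not relaxed:                    # strict rule: any group write bit fails
        return False
    # Suggestions 2) and 3): group named after the user, with no other member.
    return group == user and set(members) <= {user}


def group_members(gid):
    """Supplementary members of gid plus accounts whose primary group is gid."""
    names = set(grp.getgrgid(gid).gr_mem)
    names.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == gid)
    return names


def check_file(path, relaxed=True):
    """Apply perms_ok to a real file on behalf of the calling user."""
    st = os.stat(path)
    uid = os.getuid()
    user = pwd.getpwuid(uid).pw_name
    try:
        group = grp.getgrgid(st.st_gid).gr_name
        members = group_members(st.st_gid)
    except KeyError:                   # unnamed gid: can never match the user name
        group, members = None, set()
    return perms_ok(stat.S_IMODE(st.st_mode), st.st_uid, uid,
                    user, group, members, relaxed)


if __name__ == "__main__":
    # Constructed cases: user "branden" (uid 1000), file mode 0664 as in the report.
    print(perms_ok(0o664, 1000, 1000, "branden", "branden", {"branden"}))
    print(perms_ok(0o664, 1000, 1000, "branden", "staff", {"branden", "alice"}))
    print(perms_ok(0o664, 1000, 1000, "branden", "branden", {"branden"}, relaxed=False))
```

Checking the group name alone is not enough, because a group called "branden" with a second member still lets that member rewrite the file; the membership test covers that case.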
Bug#314347: openssh-client: Bad owner or permissions on $HOME/.ssh/config check too aggressive
Package: openssh-client
Version: 1:4.1p1-3
Severity: important

Setting severity to important because this unexpectedly busted Subversion, though I don't honestly believe it's a *critical* bug.

I just upgraded from sid as of about the time sarge released, and got a blitz of new packages, including the new openssh-client package.

Here's a session transcript:

1148 {0} [EMAIL PROTECTED]:~/packages/xorg-x11/svn/trunk/debian$ svn up
Bad owner or permissions on /home/branden/.ssh/config
svn: Connection closed unexpectedly
1149 {1} [EMAIL PROTECTED]:~/packages/xorg-x11/svn/trunk/debian$ l -l $HOME/.ssh/config
-rw-rw-r-- 1 branden branden 125 Jun 26 2004 /home/branden/.ssh/config
1150 {0} [EMAIL PROTECTED]:~/packages/xorg-x11/svn/trunk/debian$ chmod 644 /home/branden/.ssh/config
1151 {0} [EMAIL PROTECTED]:~/packages/xorg-x11/svn/trunk/debian$ svn up
At revision 220.

I think that check is excessively paranoid.

I can think of a few possibilities for resolving this bug:

1) Have the ssh client check to see if usergroups are configured in adduser. Perhaps not a great solution because 1) it's complicated, and 2) this doesn't tell you anything about whether a particular user's account was created with this property or not.

2) Simply tolerate group-writable files if the group name in question is identical to the user name.

3) Alternatively or additionally to 2), ensure that the user is the only member of the group owning the group-writable file.

4) Step this fatal error down to a warning. (I'd find it annoying, though.)

5) As part of the many migrations done to the new openssh world order, walk /home and chmod g-w on all .ssh/config files. Some people might consider this intrusive, though, and it doesn't prevent the creation of new accounts with this problem.

6) Tell everybody in my position tough cookie and add a NEWS item advising people that the default umask with usergroups enabled in adduser is just bad news for .ssh/config.

In any case:

7) It would be nice if the ssh client would identify itself before spewing that message; e.g.:

ssh: bad owner or permissions on /home/branden/.ssh/config

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages openssh-client depends on:
ii  adduser                3.63                Add and remove users and groups
ii  debconf [debconf-2.0]  1.4.51              Debian configuration management sy
ii  dpkg                   1.13.9              Package maintenance system for Deb
ii  libc6                  2.3.2.ds1-22        GNU C Library: Shared libraries an
ii  libedit2               2.9.cvs.20050518-2  BSD editline and history libraries
ii  libncurses5            5.4-6               Shared libraries for terminal hand
ii  libssl0.9.7            0.9.7g-1            SSL shared libraries
ii  zlib1g                 1:1.2.2-4           compression library - runtime

-- no debconf information