GNU bug report logs - #67789
[PATCH] doc: Secure Shell: Add note about sshd and wrong permissions


Package: guix-patches

Reported by: "zero <at> fedora" <shinyzero0 <at> tilde.club>

Date: Mon, 11 Dec 2023 23:37:01 UTC

Severity: normal

Tags: moreinfo, patch

To reply to this bug, email your comments to 67789 AT debbugs.gnu.org.



Report forwarded to guix-patches <at> gnu.org:
bug#67789; Package guix-patches. (Mon, 11 Dec 2023 23:37:01 GMT)

Acknowledgement sent to "zero <at> fedora" <shinyzero0 <at> tilde.club>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 11 Dec 2023 23:37:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: "zero <at> fedora" <shinyzero0 <at> tilde.club>
To: guix-patches <at> gnu.org
Cc: "zero <at> fedora" <shinyzero0 <at> tilde.club>
Subject: [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions
Date: Tue, 12 Dec 2023 02:35:32 +0300

* doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions
---
 doc/guix.texi | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7dde9b727b..832fed3b97 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -44306,6 +44306,13 @@ predictable fashion, almost independently of state on the local machine.
 To do that, you instantiate @code{home-openssh-service-type} in your
 Home configuration, as explained below.
 
+@quotation Note
+Note that @command{sshd} will block any @command{ssh} connections to you if
+your files in @file{~/.ssh} have wrong permissions or ownership, as the ones
+created by this service do. To fix that, you need to set @code{StrictModes=no}
+in your @command{sshd} configuration
+@end quotation
+
 @defvar home-openssh-service-type
 This is the type of the service to set up the OpenSSH client.  It takes
 care of several things:
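Review bot: The added note tells readers to set @code{StrictModes=no}, which turns off sshd's ownership and mode checks for every account on the server instead of correcting the files that the same sentence calls wrong ("as the ones created by this service do"). If a note is kept, it should say which file or directory under @file{~/.ssh} fails the check and what owner or mode sshd expects, and mention StrictModes at most as a temporary workaround with that trade-off stated. Two wording points in the same paragraph: "Note that" repeats the @quotation Note heading, and the sentence ending "in your @command{sshd} configuration" has no final period.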
-- 
2.43.0





Information forwarded to guix-patches <at> gnu.org:
bug#67789; Package guix-patches. (Thu, 14 Dec 2023 13:44:01 GMT)

Message #8 received at 67789 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: "zero <at> fedora" <shinyzero0 <at> tilde.club>
Cc: 67789 <at> debbugs.gnu.org
Subject: Re: [bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and
 wrong permissions
Date: Thu, 14 Dec 2023 14:43:30 +0100

Hello,

"zero <at> fedora" <shinyzero0 <at> tilde.club> skribis:

> * doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions

[...]

> +@quotation Note
> +Note that @command{sshd} will block any @command{ssh} connections to you if
> +your files in @file{~/.ssh} have wrong permissions or ownership, as the ones
> +created by this service do. To fix that, you need to set @code{StrictModes=no}
> +in your @command{sshd} configuration
> +@end quotation

I think we’d rather fix the permissions of those files than document the
bug.

On my laptop permissions seem to be good:

--8<---------------cut here---------------start------------->8---
$ ls -ld ~/.ssh/authorized_keys 
lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
$ ls -ld ~/.ssh 
drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
$ ssh localhost uname
Linux
--8<---------------cut here---------------end--------------->8---

Maybe there are cases when this is not the case, maybe when ~/.ssh does
not exist prior to running ‘guix home reconfigure’?

Thanks,
Ludo’.




Added tag(s) moreinfo. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Thu, 14 Dec 2023 13:44:02 GMT)

Information forwarded to guix-patches <at> gnu.org:
bug#67789; Package guix-patches. (Fri, 15 Dec 2023 19:25:02 GMT)

Message #13 received at 67789 <at> debbugs.gnu.org:

From: "ShinyZero0" <shinyzero0 <at> tilde.club>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 67789 <at> debbugs.gnu.org
Subject: Re: [bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and
 wrong permissions
Date: Fri, 15 Dec 2023 22:24:23 +0300

On Thu Dec 14, 2023 at 4:43 PM MSK, Ludovic Courtès wrote:
> On my laptop permissions seem to be good:
>
> --8<---------------cut here---------------start------------->8---
> $ ls -ld ~/.ssh/authorized_keys 
> lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
> $ ls -ld ~/.ssh 
> drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
> $ ssh localhost uname
> Linux
> --8<---------------cut here---------------end--------------->8---
>
> Maybe there are cases when this is not the case, maybe when ~/.ssh does
> not exist prior to running ‘guix home reconfigure’?
>
> Thanks,
> Ludo’.

I'm using Guix on a foreign (Fedora) distro; obviously I had a ~/.ssh
directory with the right permissions before replacing it with the
Guix-generated one. Maybe it's vice versa: the permissions are wrong when
the ~/.ssh is being replaced?
Honestly, I thought it's unfixable, like, can we change
the permissions of a symlink?
Oh, and I checked my permissions, and they are the same. Maybe the
problem is somewhere within my sshd?
Thanks,
Paul.
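
The question of symlink permissions raised in the message above can be checked directly. The script below is an added example, not part of the thread and not code from Guix or OpenSSH: it approximates what StrictModes inspects, on the assumption that sshd resolves the symlink and then requires the target file and every directory up to the home directory (or / for a target outside it) to be owned by root or the user and not group- or other-writable. The names strictmodes_check and unsafe are made up here, and GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: approximates the path check behind sshd's StrictModes.
# Assumption: sshd resolves symlinks, then rejects any entry that is not owned
# by root or the user, or that is group/other-writable, from the file up to the
# home directory (or / when the target lies outside it).
# Needs GNU coreutils (readlink -f, stat -c).

# unsafe OWNER MODE UID: succeeds when the entry would be rejected.
unsafe() {
    if [ "$1" -ne 0 ] && [ "$1" -ne "$3" ]; then return 0; fi
    [ $(( 0$2 & 022 )) -ne 0 ]
}

# strictmodes_check FILE HOME UID: prints every offending path,
# returns 0 when none is found and 1 otherwise.
strictmodes_check() {
    uid=$3 rc=0
    path=$(readlink -f -- "$1") || { echo "cannot resolve: $1"; return 1; }
    home=$(readlink -f -- "$2") || { echo "cannot resolve: $2"; return 1; }
    # The symlink's own lrwxrwxrwx mode plays no part; only its target does.
    [ -f "$path" ] || { echo "not a regular file: $path"; return 1; }
    while :; do
        owner=$(stat -c %u -- "$path")
        mode=$(stat -c %a -- "$path")
        if unsafe "$owner" "$mode" "$uid"; then
            echo "bad ownership or modes: $path (uid=$owner mode=$mode)"
            rc=1
        fi
        # Stop at the home directory, or at / for targets outside it.
        if [ "$path" = "$home" ] || [ "$path" = "/" ]; then break; fi
        path=$(dirname -- "$path")
    done
    return "$rc"
}

# Usage: sh strictmodes-check.sh ~/.ssh/authorized_keys
if [ $# -ge 1 ]; then strictmodes_check "$1" "$HOME" "$(id -u)"; fi
```

Unlike sshd, which stops at the first failing component, the script lists all of them.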




This bug report was last modified 1 year and 188 days ago.
