From: "zero@fedora"
To: 67789@debbugs.gnu.org
Subject: [bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions
Date: Tue, 12 Dec 2023 02:35:32 +0300
Message-ID: <20231211233532.63690-1-shinyzero0@tilde.club>

* doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions
--- doc/guix.texi | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 7dde9b727b..832fed3b97 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -44306,6 +44306,13 @@ predictable fashion, almost independently of state on the local machine. To do that, you instantiate @code{home-openssh-service-type} in your Home configuration, as explained below. +@quotation Note +Note that @command{sshd} will block any @command{ssh} connections to you if +your files in @file{~/.ssh} have wrong permissions or ownership, as the ones +created by this service do. To fix that, you need to set @code{StrictModes=no} +in your @command{sshd} configuration +@end quotation + @defvar home-openssh-service-type This is the type of the service to set up the OpenSSH client. It takes care of several things: -- 2.43.0
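
Review bot: The added note recommends @code{StrictModes=no}, which turns off sshd's checks on the ownership and modes of the user's files and home directory, yet it does not say which file under @file{~/.ssh} fails the check or what owner or mode it has ("as the ones created by this service do" is the only description). I would name the exact file and the permissions observed, and prefer correcting them on the service side; if the workaround stays, the note should say that it relaxes sshd's checks rather than present it as the fix. Two style points in the same added lines: "Note that" is redundant inside @quotation Note, and the last sentence ("in your @command{sshd} configuration") has no final period.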

From: Ludovic Courtès
Date: Thu, 14 Dec 2023 14:43:30 +0100
Message-ID: <87le9wx5kt.fsf@gnu.org>
In-Reply-To: <20231211233532.63690-1-shinyzero0@tilde.club>

Hello,

"zero@fedora" skribis:

> * doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions

[...]

> +@quotation Note > +Note that @command{sshd} will block any @command{ssh} connections to you= if > +your files in @file{~/.ssh} have wrong permissions or ownership, as the = ones > +created by this service do. To fix that, you need to set @code{StrictMod= es=3Dno} > +in your @command{sshd} configuration > +@end quotation

I think we’d rather fix the permissions of those files than document the
bug.

On my laptop permissions seem to be good:

--8<---------------cut here---------------start------------->8---
$ ls -ld ~/.ssh/authorized_keys
lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
$ ls -ld ~/.ssh
drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
$ ssh localhost uname
Linux
--8<---------------cut here---------------end--------------->8---

Maybe there are cases when this is not the case, maybe when ~/.ssh does
not exist prior to running ‘guix home reconfigure’?

Thanks,
Ludo’.

From: Ludovic Courtès
To: control@debbugs.gnu.org
Date: Thu, 14 Dec 2023 14:43:36 +0100
Subject: control message for bug #67789

tags 67789 + moreinfo
quit

From: "ShinyZero0"
Date: Fri, 15 Dec 2023 22:24:23 +0300
In-Reply-To: <87le9wx5kt.fsf@gnu.org>

On Thu Dec 14, 2023 at 4:43 PM MSK, Ludovic Courtès wrote:
> On my laptop permissions seem to be good:
>
> --8<---------------cut here---------------start------------->8---
> $ ls -ld ~/.ssh/authorized_keys
> lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
> $ ls -ld ~/.ssh
> drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
> $ ssh localhost uname
> Linux
> --8<---------------cut here---------------end--------------->8---
>
> Maybe there are cases when this is not the case, maybe when ~/.ssh does
> not exist prior to running ‘guix home reconfigure’?
>
> Thanks,
> Ludo’.

I'm using Guix on a foreign (Fedora) distro, obviously I had a ~/.ssh directory
with the right permissions before replacing it with the Guix-generated one.
Maybe it's vice versa: the permissions are wrong when the ~/.ssh is being replaced?
Honestly, I thought it's unfixable, like, can we change the permissions of a symlink?
Oh, and I checked my permissions, and they are the same.
Maybe the problem is somewhere within my sshd?

Thanks,
Paul.
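
Added example, not part of any message in this thread and not OpenSSH or Guix code: a Python approximation of the ownership and mode test that sshd applies to a user's authorized_keys under StrictModes, run on a constructed tree where the file is a symlink as in the listing quoted above. The function names, the `store` directory and the key line are constructed for illustration; the check assumed is "owner is the user or root, no group or other write bit" on the resolved file and each directory above it up to the home directory.

```python
import os
import stat
import tempfile


def strictmodes_findings(path, home, uid):
    """Approximate sshd's StrictModes test for one file; [] means it passes."""
    real = os.path.realpath(path)   # symlinks are resolved before any check
    home = os.path.realpath(home)
    findings = []
    def check(p, kind):
        st = os.stat(p)
        # Owner must be the user or root; no group/other write bit allowed.
        if st.st_uid not in (0, uid) or st.st_mode & 0o022:
            findings.append(f"bad ownership or modes for {kind} {p} "
                            f"(uid={st.st_uid}, mode={stat.S_IMODE(st.st_mode):04o})")

    if not os.path.isfile(real):
        return [f"{real} is not a regular file"]
    check(real, "file")
    cur = real
    while cur not in (home, "/"):   # walk up the resolved path, not ~/.ssh
        cur = os.path.dirname(cur)
        check(cur, "directory")
    return findings


def demo():
    """Constructed layout: authorized_keys is a symlink into a store-like dir."""
    with tempfile.TemporaryDirectory() as home:
        ssh, store = os.path.join(home, ".ssh"), os.path.join(home, "store")
        os.mkdir(ssh, 0o700)
        os.mkdir(store)
        os.chmod(store, 0o755)
        target = os.path.join(store, "placeholder-authorized_keys")
        with open(target, "w") as f:
            f.write("ssh-ed25519 AAAA-constructed-sample user@example\n")
        os.chmod(target, 0o444)
        link = os.path.join(ssh, "authorized_keys")
        os.symlink(target, link)
        link_mode = stat.S_IMODE(os.lstat(link).st_mode)  # the link's own bits
        ok = strictmodes_findings(link, home, os.getuid())
        os.chmod(store, 0o775)      # make an ancestor of the target group-writable
        bad = strictmodes_findings(link, home, os.getuid())
    return link_mode, ok, bad


if __name__ == "__main__":
    print(demo())
```

To audit a real account, call `strictmodes_findings(os.path.expanduser("~/.ssh/authorized_keys"), os.path.expanduser("~"), os.getuid())`; unlike sshd, which stops at the first failure, it lists every failing path.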