Bug#585047: libpam-ssh: permissions warning is wrong and/or confusing

Tue, 08 Jun 2010 10:27:17 -0700 

Package: libpam-ssh
Version: 1.92-14
Severity: normal

Jun  8 17:06:32 vent pam_ssh[1885]: error: 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun  8 17:06:32 vent pam_ssh[1885]: error: @         WARNING: UNPROTECTED 
PRIVATE KEY FILE!          @
Jun  8 17:06:32 vent pam_ssh[1885]: error: 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun  8 17:06:32 vent pam_ssh[1885]: error: Permissions 0644 for 
'/home/allan/.ssh/login-keys.d/id_dsa.pub' are too open.
Jun  8 17:06:32 vent pam_ssh[1885]: error: It is recommended that your private 
key files are NOT accessible by others.
Jun  8 17:06:32 vent pam_ssh[1885]: error: This private key will be ignored.
Jun  8 17:06:32 vent pam_ssh[1885]: error: bad permissions: ignore key: 
/home/allan/.ssh/login-keys.d/id_dsa.pub

Both of these files are symbolic links on my system:

lrwxrwxrwx 1 allan users  9 Jan 14 21:29 id_dsa -> ../id_dsa
lrwxrwxrwx 1 allan users 13 Jan 14 21:28 id_dsa.pub -> ../id_dsa.pub

so it is a little confusing that it talks about the link yet looks at the
permissions of the linked file.

It complains about the private key yet the permissions in the above and the
file name is the public key.  Not sure there is any issues with the public key
being readable by others.

In any case the actual problem, I think, is that the public key should not
be present in .ssh/login-keys.d.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-ssh depends on:
ii  libc6                         2.11.1-2   Embedded GNU C Library: Shared lib
ii  libpam0g                      1.1.1-3    Pluggable Authentication Modules l
ii  libssl0.9.8                   0.9.8o-1   SSL shared libraries

Versions of packages libpam-ssh recommends:
ii  openssh-client [ssh-client]   1:5.5p1-4  secure shell (SSH) client, for sec

libpam-ssh suggests no packages.

-- Configuration Files:
/etc/pam.d/pam-ssh-auth changed:
auth required pam_ssh.so


-- no debconf information

-- 
Allan Wind
Life Integrity, LLC
<http://lifeintegrity.com>




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to