Public bug reported:
Many servers are set up to simplify and centralize ssh key management
within a single directory.
This is typically done with the line "AuthorizedKeysFile /somedir/%u".
Much online discussion suggests placing the destination in
/etc/ssh/authorized_keys/%u with 0700 on the authorized_keys folder and
0600 or 0644 on the separate public key-files, StrictTypes is enabled
and is supposed to check for the 0700 and 0600 permissions... but
doesn't appear to be working?.
The current supported version for SSH on 16.04.6 LTS appears to be:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.7, OpenSSL 1.0.2g 1 Mar 2016
Under this configuration, standard key-based authentication is unable to
complete without the key directory having at least 0705 on the directory, 0700
fails, and 0644 on the files is sufficient regardless.
This was tested on a 16.04.6 LTS release instance created on Linode.
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817967
Title:
16.04.6 LTS OpenSSH-Server requires 0705 directory privileges for
pubkey auth
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1817967/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
