GNU bug report logs

#67789 [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions


Report forwarded to guix-patches@gnu.org:
bug#67789; Package guix-patches. (Mon, 11 Dec 2023 23:37:01 GMT)


Acknowledgement sent to "zero@fedora" <shinyzero0@tilde.club>:
New bug report received and forwarded. Copy sent to guix-patches@gnu.org. (Mon, 11 Dec 2023 23:37:02 GMT)


Message #5 received at submit@debbugs.gnu.org:

From: "zero@fedora" <shinyzero0@tilde.club>
To: guix-patches@gnu.org
Cc: "zero@fedora" <shinyzero0@tilde.club>
Subject: [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions
Date: Tue, 12 Dec 2023 02:35:32 +0300

* doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions
---
 doc/guix.texi | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7dde9b727b..832fed3b97 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -44306,6 +44306,13 @@ predictable fashion, almost independently of state on the local machine.
 To do that, you instantiate @code{home-openssh-service-type} in your
 Home configuration, as explained below.
 
+@quotation Note
+Note that @command{sshd} will block any @command{ssh} connections to you if
+your files in @file{~/.ssh} have wrong permissions or ownership, as the ones
+created by this service do. To fix that, you need to set @code{StrictModes=no}
+in your @command{sshd} configuration
+@end quotation
+
 @defvar home-openssh-service-type
 This is the type of the service to set up the OpenSSH client.  It takes
 care of several things:
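
Review bot: The added note offers @code{StrictModes=no} as the fix, but that setting turns off sshd's ownership and mode checks on users' files and home directories for the whole server, so it leaves the permissions the note calls wrong in place and removes the safeguard that flagged them. Suggest fixing the permissions of what the service creates instead; if the workaround is kept, the note should say that it is a server-wide sshd setting and what protection is lost by disabling it.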
-- 
2.43.0





Information forwarded to guix-patches@gnu.org:
bug#67789; Package guix-patches. (Thu, 14 Dec 2023 13:44:01 GMT)


Message #8 received at 67789@debbugs.gnu.org:

From: Ludovic Courtès <ludo@gnu.org>
To: "zero@fedora" <shinyzero0@tilde.club>
Cc: 67789@debbugs.gnu.org
Subject: Re: [bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions
Date: Thu, 14 Dec 2023 14:43:30 +0100

Hello,

"zero@fedora" <shinyzero0@tilde.club> writes:

> * doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions

[...]

> +@quotation Note
> +Note that @command{sshd} will block any @command{ssh} connections to you if
> +your files in @file{~/.ssh} have wrong permissions or ownership, as the ones
> +created by this service do. To fix that, you need to set @code{StrictModes=no}
> +in your @command{sshd} configuration
> +@end quotation
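
Review bot: In the quoted note, "wrong permissions or ownership" names no file and no expected mode, so a reader cannot check whether their own @file{~/.ssh} is affected; name the file the service creates and what sshd expects of it. The text also opens with "Note that" directly under @quotation Note, and the last sentence, ending "in your @command{sshd} configuration", has no closing period.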

I think we’d rather fix the permissions of those files than document the
bug.

On my laptop permissions seem to be good:

--8<---------------cut here---------------start------------->8---
$ ls -ld ~/.ssh/authorized_keys 
lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
$ ls -ld ~/.ssh 
drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
$ ssh localhost uname
Linux
--8<---------------cut here---------------end--------------->8---

Maybe there are cases when this is not the case, maybe when ~/.ssh does
not exist prior to running ‘guix home reconfigure’?

Thanks,
Ludo’.




Added tag(s) moreinfo. Request was from Ludovic Courtès <ludo@gnu.org> to control@debbugs.gnu.org. (Thu, 14 Dec 2023 13:44:02 GMT)


Information forwarded to guix-patches@gnu.org:
bug#67789; Package guix-patches. (Fri, 15 Dec 2023 19:25:02 GMT)


Message #13 received at 67789@debbugs.gnu.org:

From: "ShinyZero0" <shinyzero0@tilde.club>
To: Ludovic Courtès <ludo@gnu.org>
Cc: 67789@debbugs.gnu.org
Subject: Re: [bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions
Date: Fri, 15 Dec 2023 22:24:23 +0300

On Thu Dec 14, 2023 at 4:43 PM MSK, Ludovic Courtès wrote:
> On my laptop permissions seem to be good:
>
> --8<---------------cut here---------------start------------->8---
> $ ls -ld ~/.ssh/authorized_keys 
> lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
> $ ls -ld ~/.ssh 
> drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
> $ ssh localhost uname
> Linux
> --8<---------------cut here---------------end--------------->8---
>
> Maybe there are cases when this is not the case, maybe when ~/.ssh does
> not exist prior to running ‘guix home reconfigure’?
>
> Thanks,
> Ludo’.

I'm using Guix on a foreign (Fedora) distro; obviously I had a ~/.ssh
directory with the right permissions before replacing it with the Guix-generated
one. Maybe it's vice versa: the permissions are wrong when ~/.ssh is
being replaced?
Honestly, I thought it's unfixable, like, can we change
the permissions of a symlink?
Oh, and I checked my permissions, and they are the same. Maybe the
problem is somewhere within my sshd?
Thanks,
Paul.
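
The thread leaves open which path sshd objected to, so here is an added diagnostic (not part of the thread, and not Guix or OpenSSH code) that approximates the ownership and mode checks StrictModes applies to an authorized_keys file: the symlink is resolved first, then the target and each parent directory up to the home directory (or /) must be owned by the user or root and carry no group or other write bit. It assumes GNU stat and realpath; the function names and the demo tree are hypothetical.

```shell
#!/bin/sh
# Added example: approximates the StrictModes walk; needs GNU stat/realpath.

# path_ok PATH UID: owner is UID or root, and no group/other write bit.
path_ok() {
    info=$(stat -c '%u %a' -- "$1") || return 1
    owner=${info% *}; mode=${info#* }
    [ "$owner" = "$2" ] || [ "$owner" = 0 ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# strictmodes_check FILE HOME [UID]
# Prints the first failing path and returns 1; returns 0 when all checks pass.
strictmodes_check() {
    file=$(realpath -- "$1") || { echo "realpath failed for $1"; return 1; }
    home=$(realpath -- "$2" 2>/dev/null) || home=
    uid=${3:-$(id -u)}
    # The link is resolved above: the target, not the link, is examined.
    [ -f "$file" ] || { echo "$file is not a regular file"; return 1; }
    path_ok "$file" "$uid" ||
        { echo "bad ownership or modes for file $file"; return 1; }
    dir=$file
    while :; do
        dir=$(dirname -- "$dir")
        path_ok "$dir" "$uid" ||
            { echo "bad ownership or modes for directory $dir"; return 1; }
        # Stop at the home directory; a target outside it is walked up to /.
        if [ "$dir" = "$home" ] || [ "$dir" = / ]; then return 0; fi
    done
}

# demo: constructed tree (hypothetical names) whose link leaves the home dir
# and lands in a group-writable directory.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/home/.ssh" "$t/store" || return 1
    chmod 700 "$t/home" "$t/home/.ssh"; chmod 775 "$t/store"
    echo 'ssh-ed25519 AAAA-constructed demo' > "$t/store/authorized_keys"
    chmod 444 "$t/store/authorized_keys"
    ln -s "$t/store/authorized_keys" "$t/home/.ssh/authorized_keys"
    strictmodes_check "$t/home/.ssh/authorized_keys" "$t/home"
    rc=$?; rm -rf "$t"; return $rc
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `strictmodes_check ~/.ssh/authorized_keys ~` on the affected account; the first path it prints is the one to compare against sshd's own log message.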






debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Fri Oct 25 19:22:00 2024; Machine Name: wallace-server
