Report forwarded
to guix-patches@gnu.org: bug#67789; Package guix-patches.
(Mon, 11 Dec 2023 23:37:01 GMT) (full text, mbox, link).
Acknowledgement sent
to "zero@fedora" <shinyzero0@tilde.club>:
New bug report received and forwarded. Copy sent to guix-patches@gnu.org.
(Mon, 11 Dec 2023 23:37:02 GMT) (full text, mbox, link).
Subject: [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions
Date: Tue, 12 Dec 2023 02:35:32 +0300
* doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions
---
doc/guix.texi | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 7dde9b727b..832fed3b97 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -44306,6 +44306,13 @@ predictable fashion, almost independently of state on the local machine.
To do that, you instantiate @code{home-openssh-service-type} in your
Home configuration, as explained below.
+@quotation Note
+Note that @command{sshd} will block any @command{ssh} connections to you if
+your files in @file{~/.ssh} have wrong permissions or ownership, as the ones
+created by this service do. To fix that, you need to set @code{StrictModes=no}
+in your @command{sshd} configuration
+@end quotation
+
@defvar home-openssh-service-type
This is the type of the service to set up the OpenSSH client. It takes
care of several things:
--
2.43.0
Information forwarded
to guix-patches@gnu.org: bug#67789; Package guix-patches.
(Thu, 14 Dec 2023 13:44:01 GMT) (full text, mbox, link).
Subject: Re: [bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and
wrong permissions
Date: Thu, 14 Dec 2023 14:43:30 +0100
Hello,
"zero@fedora" <shinyzero0@tilde.club> skribis:
> * doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions
[...]
> +@quotation Note
> +Note that @command{sshd} will block any @command{ssh} connections to you if
> +your files in @file{~/.ssh} have wrong permissions or ownership, as the ones
> +created by this service do. To fix that, you need to set @code{StrictModes=no}
> +in your @command{sshd} configuration
> +@end quotation
I think we’d rather fix the permissions of those files than document the
bug.
On my laptop permissions seem to be good:
--8<---------------cut here---------------start------------->8---
$ ls -ld ~/.ssh/authorized_keys
lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
$ ls -ld ~/.ssh
drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
$ ssh localhost uname
Linux
--8<---------------cut here---------------end--------------->8---
Maybe there are cases when this is not the case, maybe when ~/.ssh does
not exist prior to running ‘guix home reconfigure’?
Thanks,
Ludo’.
Added tag(s) moreinfo.
Request was from Ludovic Courtès <ludo@gnu.org>
to control@debbugs.gnu.org.
(Thu, 14 Dec 2023 13:44:02 GMT) (full text, mbox, link).
Information forwarded
to guix-patches@gnu.org: bug#67789; Package guix-patches.
(Fri, 15 Dec 2023 19:25:02 GMT) (full text, mbox, link).
Subject: Re: [bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and
wrong permissions
Date: Fri, 15 Dec 2023 22:24:23 +0300
On Thu Dec 14, 2023 at 4:43 PM MSK, Ludovic Courtès wrote:
> On my laptop permissions seem to be good:
>
> --8<---------------cut here---------------start------------->8---
> $ ls -ld ~/.ssh/authorized_keys
> lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
> $ ls -ld ~/.ssh
> drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
> $ ssh localhost uname
> Linux
> --8<---------------cut here---------------end--------------->8---
>
> Maybe there are cases when this is not the case, maybe when ~/.ssh does
> not exist prior to running ‘guix home reconfigure’?
>
> Thanks,
> Ludo’.
I'm using guix on foreign (Fedora) distro, obviously i had ~/.ssh
directory with right permissions before replacing it with guix-generated
one. Maybe it's vice versa: the permissions are wrong when the ~/.ssh is
being replaced?
Honestly, i thought it's unfixable, like, can we change
the permissions of a symlink?
Oh, and i checked my permissions, and they are the same. Maybe the
problem is in somewhere within my sshd?
Thanks,
Paul.
Debbugs is free software and licensed under the terms of the
GNU Public License version 2. The current version can be
obtained from https://bugs.debian.org/debbugs-source/.