[Bug 663455] Re: Incorrect text found in openssh-client/auth-file.c:542
Launchpad Bug Tracker
663455 at bugs.launchpad.net
Mon Oct 17 21:30:13 UTC 2011
This bug was fixed in the package openssh - 1:5.9p1-1ubuntu1
---------------
openssh (1:5.9p1-1ubuntu1) precise; urgency=low
* Resynchronise with Debian. Remaining changes:
- Add support for registering ConsoleKit sessions on login.
- Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
- Convert to Upstart. The init script is still here for the benefit of
people running sshd in chroots.
- Install apport hook.
- Add mention of ssh-keygen in ssh connect warning.
openssh (1:5.9p1-1) unstable; urgency=low
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
* Update OpenSSH FAQ to revision 1.112.
-- Colin Watson <cjwatson at ubuntu.com> Mon, 17 Oct 2011 16:04:47 +0100
** Changed in: openssh (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/663455
Title:
Incorrect text found in openssh-client/auth-file.c:542
Status in Portable OpenSSH:
Fix Released
Status in “openssh” package in Ubuntu:
Fix Released
Bug description:
Binary package hint: metacity
install the openssh-client source code, look at auth-file.c and see
this stanza :
int
key_perm_ok(int fd, const char *filename)
{
struct stat st;
if (fstat(fd, &st) < 0)
return 0;
/*
* if a key owned by the user is accessed, then we check the
* permissions of the file. if the key owned by a different user,
* then we don't care.
*/
#ifdef HAVE_CYGWIN
if (check_ntsec(filename))
#endif
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
error("It is recommended that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return 0;
}
return 1;
}
The text "It is recommended that your private key files are NOT accessible by others." should read "It is not permitted....".
There is no work around to use a non-protected private key, therefore
it is incorrect to say recommend.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/663455/+subscriptions
More information about the foundations-bugs
mailing list