[Bug 663455] Re: Incorrect text found in openssh-client/auth-file.c:542

Launchpad Bug Tracker 663455 at bugs.launchpad.net
Mon Oct 17 21:30:13 UTC 2011


This bug was fixed in the package openssh - 1:5.9p1-1ubuntu1

---------------
openssh (1:5.9p1-1ubuntu1) precise; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart.  The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

openssh (1:5.9p1-1) unstable; urgency=low

  * New upstream release (http://www.openssh.org/txt/release-5.9).
    - Introduce sandboxing of the pre-auth privsep child using an optional
      sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
      mandatory restrictions on the syscalls the privsep child can perform.
    - Add new SHA256-based HMAC transport integrity modes from
      http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
    - The pre-authentication sshd(8) privilege separation slave process now
      logs via a socket shared with the master process, avoiding the need to
      maintain /dev/log inside the chroot (closes: #75043, #429243,
      #599240).
    - ssh(1) now warns when a server refuses X11 forwarding (closes:
      #504757).
    - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
      separated by whitespace (closes: #76312).  The authorized_keys2
      fallback is deprecated but documented (closes: #560156).
    - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
      ToS/DSCP (closes: #498297).
    - ssh-add(1) now accepts keys piped from standard input.  E.g. "ssh-add
      - < /path/to/key" (closes: #229124).
    - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
    - Say "required" rather than "recommended" in unprotected-private-key
      warning (LP: #663455).
  * Update OpenSSH FAQ to revision 1.112.
 -- Colin Watson <cjwatson at ubuntu.com>   Mon, 17 Oct 2011 16:04:47 +0100

** Changed in: openssh (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/663455

Title:
  Incorrect text found in openssh-client/auth-file.c:542

Status in Portable OpenSSH:
  Fix Released
Status in “openssh” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: metacity

  Install the openssh-client source code, look at auth-file.c and see
  this stanza:

  int
  key_perm_ok(int fd, const char *filename)
  {
       struct stat st;

       if (fstat(fd, &st) < 0)
            return 0;
       /*
        * if a key owned by the user is accessed, then we check the
        * permissions of the file. if the key owned by a different user,
        * then we don't care.
        */
  #ifdef HAVE_CYGWIN
       if (check_ntsec(filename))
  #endif
       if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
            error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
            error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
            error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
            error("Permissions 0%3.3o for '%s' are too open.",
                (u_int)st.st_mode & 0777, filename);
            error("It is recommended that your private key files are NOT accessible by others.");
            error("This private key will be ignored.");
            return 0;
       }
       return 1;
  }

  
  The text "It is recommended that your private key files are NOT accessible by others." should read "It is not permitted....".

  There is no workaround to use a non-protected private key, therefore
  it is incorrect to say "recommended".

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/663455/+subscriptions
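
An added example, not OpenSSH's code and not part of the original bug report: a standalone audit helper that applies the same ownership and `mode & 077` test as the key_perm_ok() stanza quoted above, so key files can be checked before ssh ignores them. The function name `audit_key_perms` and the result codes are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum key_audit { KEY_ERROR = -1, KEY_OK, KEY_TOO_OPEN, KEY_NOT_OWNED };

/*
 * Same test as key_perm_ok(): a file owned by the calling user must have
 * no group/other permission bits set (st_mode & 077 == 0). fstat() runs on
 * an open descriptor, as in the original, so the result describes the file
 * that was actually opened rather than whatever the path names later.
 */
enum key_audit audit_key_perms(const char *path, mode_t *mode_out)
{
    struct stat st;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return KEY_ERROR;
    if (fstat(fd, &st) < 0) {
        close(fd);
        return KEY_ERROR;
    }
    close(fd);
    if (mode_out != NULL)
        *mode_out = st.st_mode & 0777;
    if (st.st_uid != getuid())
        return KEY_NOT_OWNED;   /* key_perm_ok() applies no mode check here */
    return (st.st_mode & 077) != 0 ? KEY_TOO_OPEN : KEY_OK;
}

int main(int argc, char **argv)
{
    int bad = 0;
    for (int i = 1; i < argc; i++) {
        mode_t mode = 0;
        enum key_audit r = audit_key_perms(argv[i], &mode);
        if (r == KEY_TOO_OPEN)
            printf("%s: mode 0%03o is too open, ssh will ignore this key\n",
                argv[i], (unsigned)mode);
        else if (r == KEY_ERROR)
            perror(argv[i]);
        bad |= (r == KEY_TOO_OPEN || r == KEY_ERROR);
    }
    return bad ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Run it over the files in a key directory; a non-zero exit status means at least one file is too open or could not be read.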