Results 1 to 3 of 3

Thread: After upgrading to 12.04.1, ssh has stricter key rules

  1. #1
    Join Date
    Feb 2010
    Beans
    3

    After upgrading to 12.04.1, ssh has stricter key rules

    Hi,

    I have a group called remote, and a private ssh-key owned by root:remote, and readable to user (root) and group (remote). Users that are members of remote may use it to connect to another server. This way, I can change the key as frequently as I want without relying on the users following instructions or that they bother to change keys.

    This setup has worked well for many years. Now, when I upgraded to Ubuntu 12.04.1, it stopped working, because ssh complains that permissions are too open (readable to group). The whole point of having groups is to be able to selectively share data like this. I can't seem to find an option for this.

    Is there a way to configure ssh to work as it used to work before the upgrade?

  2. #2
    Join Date
    Dec 2010
    Beans
    570
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: After upgrading to 12.04.1, ssh has stricter key rules

    That is odd here is an example from a test system running 12.04 where I changed the group on my ssh key files and granted the group read:
    Code:
    hawkmage@vb-ubuntu:~$ ls -l ~/.ssh/
    total 12
    -rw-r----- 1 root     tempuser  1675 Nov 19 19:17 id_rsa
    -rw-r--r-- 1 root     tempuser   404 Nov 19 19:17 id_rsa.pub
    -rw-r--r-- 1 hawkmage hawkmage 3536 Nov 19 19:16 known_hosts
    hawkmage@vb-ubuntu:~$ ssh server
    Last login: Mon Nov 19 19:20:17 2012 from vb-ubuntu
    server:~ hawkmage$
    What are the permissions on the key files?

    If you want to old less secure functionality you cane add/change the StrictModes directive to the sshd_config file.

  3. #3
    Join Date
    Feb 2010
    Beans
    3

    Re: After upgrading to 12.04.1, ssh has stricter key rules

    Thanks for testing and replying!

    This is very strange. Today, the test I created to reproduce the problem succeeds. I've rebooted the machine, otherwise I cannot think of any other changes. Let's assume I made a mistake, until I can properly reproduce it again.

    Thanks again for your time! /Greg

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •