On 13.03.2015 13:16, Colin Walters wrote:
> On Sun, Mar 8, 2015, at 01:59 PM, Stef Walter wrote:
>>
>> Tried it out, and after the rebase/reboot I could no longer SSH into the
>> atomic host. sshd would drop my connection while negotiating host keys.
>> I don't have time to debug this right now, but suspect it is orthogonal
>> to Cockpit.
>
> This was likely:
> https://git.fedorahosted.org/cgit/fedora-atomic.git/commit/?id=debbecbc6cec7ae494f26703d0ae28b2c53b0e26
>
> Both rawhide and F22 now use F21's uid/gid assignments.

I still see a failure to SSH in due to "UNPROTECTED KEY FILE" with a tree
that was generated from a fedora-atomic.git f22 branch including this
commit. (cherry-picked peer: 2931308a9034c9d752384f00ed2a4684610d0dbe)

> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error:
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: @ WARNING:
> UNPROTECTED PRIVATE KEY FILE! @
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error:
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: Permissions 0640 for
> '/etc/ssh/ssh_host_ed25519_key' are too open.
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: It is recommended
> that your private key files are NOT accessible by others.
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: This private key will
> be ignored.
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: key_load_private: bad
> permissions
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: error: Could not load host
> key: /etc/ssh/ssh_host_ed25519_key
> Mar 27 07:36:18 myatomic.localdomain sshd[1121]: fatal: No supported key
> exchange algorithms [preauth]

All the private key files in /etc/ssh have 640 permissions. Logging in on
the console of the Atomic Host, and running this fixed the issue:

    # sudo chmod 600 /etc/ssh/*key

Obviously this is a bug that would cause remote Fedora Atomic Hosts to be
unusable.

Stef
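A check for the condition in the log above, added here as an example and not part of the original message or of the Fedora Atomic tooling: it lists every private host key that has group or other permission bits set. The function name `audit_host_keys` is hypothetical, and the block assumes GNU coreutils `stat` and that any bit in mask 077 is what sshd rejects, as it did for 0640.

```shell
#!/bin/sh
# Added example (not from the original thread): report sshd private host
# keys whose mode has any group/other bit set, the state sshd rejected
# above with "Permissions 0640 ... are too open".

# audit_host_keys [DIR]   (hypothetical helper name)
# Prints "MODE PATH" for each offending key in DIR (default /etc/ssh).
# Returns 0 if every private host key is clean, 1 otherwise.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    rc=0
    # ssh_host_*_key matches private keys only; the .pub files are skipped.
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue          # unmatched glob or not a regular file
        mode=$(stat -L -c '%a' "$key")     # octal mode, e.g. 640 (GNU stat)
        # A leading 0 makes the shell read the value as octal.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$key"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: audit_host_keys /etc/ssh || echo "host keys too open" >&2
```

Run on a freshly deployed tree before rebooting a remote host, a non-zero return means the keys need the `chmod 600` shown above while console access is still available.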