Hi list!

I think I am missing something. I am sure I do. So please enlighten me.

As explained in a previous message, sshd does not start on my install client; I therefore cannot log in during the install process using SSH. I seem to be the only one who has that problem, though.

I think I found the cause. Here are the host keys in my nfsroot on the install server:

debian32m:/srv/fai/nfsroot/etc/ssh# ls -l
total 160
-rw-r--r-- 1 root root 132777 2007-03-05 17:38 moduli
-rw-r--r-- 1 root root   1424 2007-03-05 17:38 ssh_config
-rw-r--r-- 1 root root   1874 2007-05-11 10:16 sshd_config
-rw------- 1 root root    668 2007-05-11 10:16 ssh_host_dsa_key
-rw-r--r-- 1 root root    604 2007-05-11 10:16 ssh_host_dsa_key.pub
-rw------- 1 root root   1675 2007-05-11 10:16 ssh_host_rsa_key
-rw-r--r-- 1 root root    396 2007-05-11 10:16 ssh_host_rsa_key.pub

The only problem with that is that this directory gets mounted by the install client via NFS. So let's try that from an installed client:

mount myinstallserver.net:/srv/fai/nfsroot /mnt

ls -l /mnt/etc/ssh looks fine:

-rw-r--r-- 1 root root 132777 2007-03-05 17:38 moduli
-rw-r--r-- 1 root root   1424 2007-03-05 17:38 ssh_config
-rw-r--r-- 1 root root   1874 2007-05-11 10:16 sshd_config
-rw------- 1 root root    668 2007-05-11 10:16 ssh_host_dsa_key
-rw-r--r-- 1 root root    604 2007-05-11 10:16 ssh_host_dsa_key.pub
-rw------- 1 root root   1675 2007-05-11 10:16 ssh_host_rsa_key
-rw-r--r-- 1 root root    396 2007-05-11 10:16 ssh_host_rsa_key.pub

*But*:

# cat ssh_host_rsa_key
cat: ssh_host_rsa_key: Input/output error

It is basically impossible for the install client to read the host keys via NFS because only root may read them and NFS does some mapping preventing this. (I cannot properly phrase this, but the fact that you are root on the client does not make you root on the NFS server, AFAIK.)

I tried to chmod the host keys to make them world readable, but then sshd complains:

syslog.log:Jun 21 15:14:47 box-n-02 sshd[1785]: Server listening on :: port 22.
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE!     @
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: Permissions 0644 for '/etc/ssh/ssh_host_rsa_key' are too open.
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: It is recommended that your private key files are NOT accessible by others.
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: This private key will be ignored.
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE!     @
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: Permissions 0644 for '/etc/ssh/ssh_host_dsa_key' are too open.
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: It is recommended that your private key files are NOT accessible by others.
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: This private key will be ignored.
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
syslog.log:Jun 21 15:15:11 box-n-02 sshd[2138]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
syslog.log:Jun 21 15:15:15 box-n-02 sshd[2166]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
syslog.log:Jun 21 15:15:16 box-n-02 sshd[2166]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE!     @
syslog.log:Jun 21 15:15:16 box-n-02 sshd[2166]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
syslog.log:Jun 21 15:15:16 box-n-02 sshd[2166]: error: Permissions 0644 for '/etc/ssh/ssh_host_rsa_key' are too open.

So what do you guys do on your systems to overcome this issue?

Regards,
Torsten
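
Added example, not part of the original message: a small POSIX shell audit that separates the two failure modes shown above, a private host key that is listed but cannot be read (the Input/output error over NFS) and one that is readable but has group/other permission bits set (the 0644 case sshd ignores). The function names and status labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify private SSH host keys in a directory.
# Function names and status labels are hypothetical, not from FAI or OpenSSH.

# classify_host_key FILE -> prints one of: missing, unreadable, too-open, ok
classify_host_key() {
    f=$1
    [ -e "$f" ] || { echo missing; return; }
    # Actually read one byte: over NFS, ls can list the file while read()
    # fails (the "Input/output error" case), so a metadata test is not enough.
    if ! dd if="$f" of=/dev/null bs=1 count=1 2>/dev/null; then
        echo unreadable; return
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    # Any bit set there is the "Permissions 0644 ... are too open" case.
    go_bits=$(ls -ld "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo too-open; return
    fi
    echo ok
}

# audit_host_keys DIR -> prints "status path" per private key;
# returns 1 if any key is not usable, 0 otherwise.
audit_host_keys() {
    dir=$1
    rc=0
    # The glob matches ssh_host_rsa_key but not ssh_host_rsa_key.pub.
    for key in "$dir"/ssh_host_*_key; do
        [ -e "$key" ] || continue
        status=$(classify_host_key "$key")
        echo "$status $key"
        [ "$status" = ok ] || rc=1
    done
    return $rc
}

# Usage on the mount from the message: audit_host_keys /mnt/etc/ssh
```

Run it as the same user sshd starts as on the install client, since the read test reflects that user's access through the NFS mount.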
