Dear All FEDORA Users,
I am a newbie in the Fedora Linux system as administrator.
Please tell me one thing.
In my Fedora Linux OS server, I am not able to run the sshd service.
The thing is that I once had to change the permissions of the files, using the chmod command, just in order to prevent the other users from exploring the system. However, I immediately changed the permissions back again.
Soon after that I could not log on to the Fedora server system using the ssh serverhostname username command.
When I tried to run the sshd service using service sshd restart, I got the following errors shown below:
    Permissions 0755 for '/etc/ssh/ssh_host_dsa_key' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions :ignore key: /etc/ssh/ssh_host_dsa_key
    Could not load host key : /etc/ssh/ssh_host_dsa_key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available --exiting
Please immediately let me know what to fix in order to restart the sshd service.
Thanks,
Jyotishmaan Ray
Moderator Of Paradise Groups
http://yahoogroups.com/group/Spirituality-Paradise
Are You Spiritually Aware !!! Are You Enjoying Yourself !!! See What All You Had Been Missing !!!! Please Join Immediately By Sending A Blank Mail @ Spirituality-Paradise-subscribe@yahoogroups.com
--- On Mon, 12/22/08, fedora-list-request@redhat.com fedora-list-request@redhat.com wrote: From: fedora-list-request@redhat.com fedora-list-request@redhat.com Subject: fedora-list Digest, Vol 58, Issue 254 To: fedora-list@redhat.com Date: Monday, December 22, 2008, 4:24 PM
Message: 1 Date: Sun, 21 Dec 2008 23:38:21 -0600 From: Thomas Cameron thomas.cameron@camerontech.com Subject: Re: changing 'hosts' to get my machine name ? To: "Community assistance, encouragement, and advice for using Fedora." fedora-list@redhat.com Message-ID: 494F27CD.9030007@camerontech.com Content-Type: text/plain; charset=ISO-8859-1; format=flowed
William Case wrote:
> Hi;
> This is an old stupid question but I am stuck nonetheless. I have googled for several different ways but none work.
> I have changed my /etc/hosts file to: 127.0.0.1 CASE localhost.localdomain localhost
> This is the same as from my F9 /etc backup.
> CASE is the name of my machine. None of my programs seems to recognize it except 'hostname' -s or -f. The same problem with localhost.localdomain. I have changed it manually before in earlier Fedora versions but now nothing seems to work. If I remember correctly there were two files that needed changing.
> I just installed F10 and must have missed Anaconda asking for my machine name.
Your hostname is set in /etc/sysconfig/network. /etc/hosts is only for name resolution, although you should probably set your hostname there as well. You should use lower case for the hostname; some apps don't grok mixed or upper case.
------------------------------
Message: 2 Date: Mon, 22 Dec 2008 01:01:54 -0500 From: William Case billlinux@rogers.com Subject: Re: changing 'hosts' to get my machine name ? To: "Community assistance, encouragement, and advice for using Fedora." fedora-list@redhat.com Message-ID: 1229925714.3076.6.camel@CASE Content-Type: text/plain
Thanks Thomas;
I set the hostname with lower case in network. Everything works fine -- I guess I just had a brain cramp or something. However, I had heard that some programs don't understand upper case hostnames. In F9 I purposefully used CASE to see. I didn't hit one program that had a problem. I wonder if that means the world has changed by now and a user can get away with using upper case.
On 12/22/2008 07:06 AM, Jyotishmaan Ray wrote:
> Dear All FEDORA Users,
> I am a newbie in the Fedora Linux system as administrator.
> Please tell me one thing.
> In my Fedora Linux OS server, I am not able to run the sshd service.
> The thing is that I once had to change the permissions of the files, using the chmod command, just in order to prevent the other users from exploring the system. However, I immediately changed the permissions back again.
> Soon after that I could not log on to the Fedora server system using the ssh serverhostname username command.
> When I tried to run the sshd service using service sshd restart, I got the following errors shown below:
>     Permissions 0755 for '/etc/ssh/ssh_host_dsa_key' are too open.
>     It is recommended that your private key files are NOT accessible by others.
>     This private key will be ignored.
>     bad permissions :ignore key: /etc/ssh/ssh_host_dsa_key
>     Could not load host key : /etc/ssh/ssh_host_dsa_key
>     Disabling protocol version 2. Could not load host key
>     sshd: no hostkeys available --exiting
> Please immediately let me know what to fix in order to restart the sshd service.
> Thanks, Jyotishmaan Ray Moderator Of Paradise Groups http://yahoogroups.com/group/Spirituality-Paradise
If you must reply to digest messages, please trim them to the relevant portion.
    $ ll /etc/ssh*
    total 164
    -rw------- 1 root root 125811 2008-10-17 03:44 moduli
    -rw-r--r-- 1 root root   1964 2008-10-17 03:44 ssh_config
    -rw------- 1 root root   3658 2008-05-23 18:38 sshd_config
    -rw------- 1 root root   3711 2008-10-17 03:44 sshd_config.rpmnew
    -rw------- 1 root root    668 2008-05-23 17:52 ssh_host_dsa_key
    -rw-r--r-- 1 root root    590 2008-05-23 17:52 ssh_host_dsa_key.pub
    -rw------- 1 root root    963 2008-05-23 17:52 ssh_host_key
    -rw-r--r-- 1 root root    627 2008-05-23 17:52 ssh_host_key.pub
    -rw------- 1 root root   1675 2008-05-23 17:52 ssh_host_rsa_key
    -rw-r--r-- 1 root root    382 2008-05-23 17:52 ssh_host_rsa_key.pub
--
Steve
Please read: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
> <snip>
> Permissions 0755 for '/etc/ssh/ssh_host_dsa_key' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions :ignore key: /etc/ssh/ssh_host_dsa_key
> Could not load host key : /etc/ssh/ssh_host_dsa_key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available --exiting
> <snip>
public key should be set with 644 perms and private keys with 600
hth
Thierry
Permissions should be 700.
On Mon, 2008-12-22 at 14:30 +0100, Thierry Sayegh De Bellis wrote:
> Please read: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
> > <snip> Permissions 0755 for '/etc/ssh/ssh_host_dsa_key' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions :ignore key: /etc/ssh/ssh_host_dsa_key Could not load host key : /etc/ssh/ssh_host_dsa_key Disabling protocol version 2. Could not load host key sshd: no hostkeys available --exiting <snip>
> public key should be set with 644 perms and private keys with 600
> hth
> Thierry
600 is correct. I said 700 which is wrong.
--
=======================================================================
Lord, defend me from my friends; I can account for my enemies.
-- Charles D'Hericault
=======================================================================
Aaron Konstam
telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
Please tell me whose permissions should be 700, please name the files whose permissions I must set to 700, and also let me know if anything else has to be done in order to execute the ssh command.
Thanks,
Jyotishmaan Ray
Moderator Of Paradise Groups
http://yahoogroups.com/group/Spirituality-Paradise
Are You Spiritually Aware !!! Are You Enjoying Yourself !!! See What All You Had Been Missing !!!! Please Join Immediately By Sending A Blank Mail @ Spirituality-Paradise-subscribe@yahoogroups.com
--- On Mon, 12/22/08, Aaron Konstam akonstam@sbcglobal.net wrote: From: Aaron Konstam akonstam@sbcglobal.net Subject: Re: How to Restart the service sshd in Fedora Linux System ? To: jyotishmaan@yahoo.com, "Community assistance, encouragement, and advice for using Fedora." fedora-list@redhat.com Date: Monday, December 22, 2008, 9:26 PM
Permissions should be 700.
Jyotishmaan Ray wrote:
> Please tell me whose permissions should be 700, please name the files whose permissions I must set to 700, and also let me know if anything else has to be done in order to execute the ssh command.
My set up is as follows:
The /etc/ssh directory is owned by root, group of root and has 755 permissions (rwxrw-rw-). The files IN /etc/ssh are all owned by root, group of root with 500 permissions (rw-------) EXCEPT ssh_config and any "*.pub" files. Those have 544 permissions (rw-r--r--).
In _your_ home directory, the .ssh directory is owned by you with your group and has 700 permissions (rwx------). The files in it should be owned by you with your group and have 500 permissions (rw-------) except any "*.pub" files, which can have 544 permissions (rw-r--r--).
Really, since the directory can only be read by you, all files could be 544 (rw-r--r--). ssh really is worried about someone other than you writing to those files.
Directory /etc/ssh - should be drwxr-xr-x. The world must have the rights to read and enter the directory but not write to it.
Most of the files should be -rw-------. Only root can read or write them. None should have x permission. And ssh_config and the .pub files should be -rw-r--r--.
Nobody but root should be able to write to that directory under any circumstance or your system is open to exploitation.
Each user ~/.ssh directory should be drwxr-xr-x. Each file should be -rw-r--r--. (This is probably wrong. The directory probably should be drwx------ and the files should be -rw-------. But under RedHat and Fedora home directories are drwx------, so people who do not belong can't get to the directory in the first place.)
{^_^}
----- Original Message -----
From: "Rick Stevens" ricks@nerd.com
Sent: Tuesday, 2008, December 23 10:27
> Jyotishmaan Ray wrote:
> > Please tell me whose permissions should be 700, please name the files whose permissions I must set to 700, and also let me know if anything else has to be done in order to execute the ssh command.
> My set up is as follows:
> The /etc/ssh directory is owned by root, group of root and has 755 permissions (rwxrw-rw-). The files IN /etc/ssh are all owned by root, group of root with 500 permissions (rw-------) EXCEPT ssh_config and any "*.pub" files. Those have 544 permissions (rw-r--r--).
> In _your_ home directory, the .ssh directory is owned by you with your group and has 700 permissions (rwx------). The files in it should be owned by you with your group and have 500 permissions (rw-------) except any "*.pub" files, which can have 544 permissions (rw-r--r--).
> Really, since the directory can only be read by you, all files could be 544 (rw-r--r--). ssh really is worried about someone other than you writing to those files.
> --
> - Rick Stevens, Systems Engineer ricks@nerd.com -
> - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
> - Never put off 'til tomorrow what you can forget altogether! -
jdow wrote:
> Directory /etc/ssh - should be drwxr-xr-x. The world must have the rights to read and enter the directory but not write to it.
> Most of the files should be -rw-------. Only root can read or write them. None should have x permission. And ssh_config and the .pub files should be -rw-r--r--.
> Nobody but root should be able to write to that directory under any circumstance or your system is open to exploitation.
> Each user ~/.ssh directory should be drwxr-xr-x. Each file should be -rw-r--r--. (This is probably wrong. The directory probably should be drwx------ and the files should be -rw-------. But under RedHat and Fedora home directories are drwx------, so people who do not belong can't get to the directory in the first place.)
Yes, your second statement is "more" correct. The ~/.ssh directory should be drwx------.
While, as you point out, it won't make a difference in cases where one doesn't alter the defaults of user creation. In cases where you assign groups or add users to various groups it could become a factor. So as not to tax one's memory I feel it is good practice to advise drwx------.
From: "Ed Greshko" Ed.Greshko@greshko.com Sent: Tuesday, 2008, December 23 16:30
> Yes, your second statement is "more" correct. The ~/.ssh directory should be drwx------.
> While, as you point out, it won't make a difference in cases where one doesn't alter the defaults of user creation. In cases where you assign groups or add users to various groups it could become a factor. So as not to tax one's memory I feel it is good practice to advise drwx------.
<<jdow The main takeaway should be that while complacency often works, rigor is better. After installing the rigor one can turn off the SELinux "stuff" if that is needed and still be relatively stage.
{^_-}
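Added example, not part of the original thread: a POSIX shell audit of an sshd configuration directory against the symbolic modes given in the replies (rwxr-xr-x = 755 for the directory, rw------- = 600 for private files, rw-r--r-- = 644 for ssh_config and *.pub). It separates host keys that sshd will refuse (any group or other bit set) from files that merely differ from the expected mode; the function names, the GNU stat dependency and the constructed scratch directory are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (coreutils), as on Fedora.
# All function names here are this example's own.

# Expected mode by file name, from the symbolic strings given in the thread:
# rw-r--r-- (644) for ssh_config and *.pub, rw------- (600) for everything else.
expected_mode() {
  case "${1##*/}" in
    ssh_config|*.pub) echo 644 ;;
    *)                echo 600 ;;
  esac
}

# Succeeds when FILE ($1) is a private host key whose MODE ($2) has any group
# or other bit set: the condition behind sshd's "are too open" refusal.
key_too_open() {
  case "${1##*/}" in
    *.pub)         return 1 ;;
    ssh_host_*key) [ $(( 0$2 & 077 )) -ne 0 ] ;;
    *)             return 1 ;;
  esac
}

# audit_ssh_dir DIR [OWNER_UID] [fix]
# Prints one line per finding. With "fix" as third argument, files are chmod'ed
# to the expected mode after being reported. Ownership is reported only.
audit_ssh_dir() {
  a_dir=$1; a_uid=${2:-0}; a_fix=${3:-}
  a_mode=$(stat -c '%a' "$a_dir") || return 2
  if [ "$a_mode" != 755 ]; then
    echo "DIR $a_dir is $a_mode, want 755"
    if [ "$a_fix" = fix ]; then chmod 755 "$a_dir"; fi
  fi
  for a_f in "$a_dir"/*; do
    { [ -f "$a_f" ] && [ ! -L "$a_f" ]; } || continue
    [ "$(stat -c '%u' "$a_f")" = "$a_uid" ] || echo "OWNER $a_f is not owned by uid $a_uid"
    a_mode=$(stat -c '%a' "$a_f"); a_want=$(expected_mode "$a_f")
    [ "$a_mode" = "$a_want" ] && continue
    if key_too_open "$a_f" "$a_mode"; then
      echo "REJECTED $a_f is $a_mode, want $a_want (sshd ignores this key)"
    else
      echo "DRIFT $a_f is $a_mode, want $a_want"
    fi
    if [ "$a_fix" = fix ]; then chmod "$a_want" "$a_f"; fi
  done
  return 0
}

# Constructed sample: a scratch directory reproducing the state in the thread
# (host key left at 0755), audited as the current user instead of root.
demo() {
  demo_dir=$(mktemp -d) || return 1
  chmod 755 "$demo_dir"
  for demo_f in ssh_host_dsa_key ssh_host_dsa_key.pub ssh_config sshd_config; do
    : > "$demo_dir/$demo_f"
  done
  chmod 755 "$demo_dir/ssh_host_dsa_key"
  chmod 644 "$demo_dir/ssh_host_dsa_key.pub" "$demo_dir/ssh_config"
  chmod 600 "$demo_dir/sshd_config"
  audit_ssh_dir "$demo_dir" "$(id -u)"
  rm -rf "$demo_dir"
}
demo
```

On a real server the call would be `audit_ssh_dir /etc/ssh` as root (report only), followed by a restart of sshd once no REJECTED lines remain. A host key at 700 shows up as DRIFT rather than REJECTED, since it carries no group or other bits.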