Debian Bug report logs - #26658
ssh: hostname: Remote: Bad file modes for /home/username

version graph

Package: ssh; Maintainer for ssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for ssh is src:openssh (PTS, buildd, popcon).

Reported by: Teddy Hogeborn <teddy@recompile.se>

Date: Sat, 12 Sep 1998 09:33:01 UTC

Severity: wishlist

Found in version 1.2.26-1

Done: Philip Hands <phil@hands.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Philip Hands <phil@hands.com>:
Bug#26658; Package ssh. (full text, mbox, link).

Acknowledgement sent to Teddy Hogeborn <teddy@fukt.hk-r.se>:
New bug report received and forwarded. Copy sent to Philip Hands <phil@hands.com>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Teddy Hogeborn <teddy@fukt.hk-r.se>
To: submit@bugs.debian.org
Subject: ssh: hostname: Remote: Bad file modes for /home/username
Date: Sat, 12 Sep 1998 11:26:50 +0200
Package: ssh
Version: 1.2.26-1
Severity: important

When I try to ssh to a debian box using RSA authentication (from
ssh-agent), the following messages appear:

hubert$ ssh -v nigol
SSH Version 1.2.25 [m68k-next-nextstep3], protocol version 1.5.
Standard version.  Does not use RSAREF.
hubert: Reading configuration data /home/teddy/.ssh/config
hubert: Reading configuration data /etc/ssh_config
hubert: ssh_connect: getuid 1000 geteuid 0 anon 0
hubert: Connecting to nigol [194.47.151.8] port 22.
hubert: Allocated local port 1021.
hubert: Connection established.
hubert: Remote protocol version 1.5, remote software version 1.2.26
hubert: Waiting for server public key.
hubert: Received server public key (768 bits) and host key (1024 bits).
hubert: Host 'nigol' is known and matches the host key.
hubert: Initializing random; seed file /home/teddy/.ssh/random_seed
hubert: Encryption type: blowfish
hubert: Sent encrypted session key.
hubert: Installing crc compensation attack detector
hubert: Received encrypted confirmation.
hubert: Remote: Server does not permit empty password login.
hubert: Connection to authentication agent opened.
hubert: Trying RSA authentication via agent with 'teddy@fukt.hk-r.se'
hubert: Remote: Bad file modes for /home/teddy
hubert: Server refused our key.
hubert: RSA authentication using agent refused.
hubert: Trying RSA authentication with key 'teddy@fukt.hk-r.se'
hubert: Remote: Bad file modes for /home/teddy
hubert: Server refused our key.
hubert: Doing password authentication.
teddy@nigol's password: 

I then have to input my password anyway.  This started just when I
changed the permissions of my home directory from 755 to 775.  Since
the default in Debian is umask 002 with one private group per user
(which is what I have), this is kind of silly of sshd to complain
about and refuse RSA authentication because of.

As it is, I have had to put "StrictModes no" in "/etc/ssh/sshd_config"
to make RSA authentication work again.

Note: I use autofs on /home, but that never affected anything.

-- System Information
Debian Release: 2.0
Kernel Version: Linux nigol 2.0.34 #1 Tue Aug 18 03:24:20 MEST 1998 i486 unknown

Versions of the packages ssh depends on:
ii  gmp2            2.0.2-6        Multiprecision arithmetic library
ii  libc6           2.0.7t-1       The GNU C library version 2 (run-time files)
ii  zlib1g          1.1.1-0.1      compression library - runtime

--- Begin /etc/ssh/ssh_config (modified conffile)
RhostsAuthentication no
RhostsRSAAuthentication no
Cipher blowfish

--- End /etc/ssh/ssh_config

--- Begin /etc/ssh/sshd_config (modified conffile)
Port 22
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_key
RandomSeed /etc/ssh/ssh_random_seed
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
IgnoreRhosts no
StrictModes no
QuietMode no
X11Forwarding yes
X11DisplayOffset 10
FascistLogging no
PrintMotd yes
KeepAlive yes
SyslogFacility DAEMON
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
UseLogin no

--- End /etc/ssh/sshd_config

Reply sent to Philip Hands <phil@hands.com>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Teddy Hogeborn <teddy@fukt.hk-r.se>:
Bug acknowledged by developer. (full text, mbox, link).

Message #10 received at 26658-done@bugs.debian.org (full text, mbox, reply):

From: Philip Hands <phil@hands.com>
To: Teddy Hogeborn <teddy@fukt.hk-r.se>, 26658-done@bugs.debian.org
Subject: Re: Bug#26658: ssh: hostname: Remote: Bad file modes for /home/username
Date: Mon, 21 Sep 1998 14:21:54 +0100
> I then have to input my password anyway.  This started just when I
> changed the permissions of my home directory from 755 to 775.  Since
> the default in Debian is umask 002 with one private group per user
> (which is what I have), this is kind of silly of sshd to complain
> about and refuse RSA authentication because of.

This is completely intentional.  There are good reasons for using
``StrictModes yes'' in some settings.  If I were to make the default 
``StrictModes no'', then I would introduce the possibility of people 
inadvertently opening a security hole.  As it stands, they have to read enough 
documentation to understand the implications of what they do, before they do 
it.

SSH is a security tool, so I tend to think that emphasising security over 
usability is the right approach.  The alternative is to do what many 
commercial systems do, and have the installation defaults set to make the 
system work straight out of the box, but at the cost of compromising security. 
This is not acceptable IMNSHO.

Cheers, Phil.

Bug reopened, originator not changed. Request was from Philip Hands <phil@hands.com> to control@bugs.debian.org. (full text, mbox, link).

Severity set to `wishlist'. Request was from Philip Hands <phil@hands.com> to control@bugs.debian.org. (full text, mbox, link).

Bug closed, ack sent to submitter - they'd better know why ! Request was from Philip Hands <phil@hands.com> to control@bugs.debian.org. (full text, mbox, link).

Bug unarchived. Request was from Teddy Hogeborn <teddy@fukt.bsnet.se> to control@bugs.debian.org. (Sat, 29 Nov 2008 21:34:36 GMT) (full text, mbox, link).

Changed Bug submitter from Teddy Hogeborn <teddy@fukt.hk-r.se> to Teddy Hogeborn <teddy@fukt.bsnet.se>. Request was from Teddy Hogeborn <teddy@fukt.bsnet.se> to control@bugs.debian.org. (Sat, 29 Nov 2008 21:34:38 GMT) (full text, mbox, link).

Bug archived. Request was from Teddy Hogeborn <teddy@fukt.bsnet.se> to control@bugs.debian.org. (Sat, 29 Nov 2008 21:34:40 GMT) (full text, mbox, link).

Bug unarchived. Request was from Teddy Hogeborn <teddy@recompile.se> to control@bugs.debian.org. (Mon, 10 Oct 2011 08:03:10 GMT) (full text, mbox, link).

Changed Bug submitter to 'Teddy Hogeborn <teddy@recompile.se>' from 'Teddy Hogeborn <teddy@fukt.bsnet.se>' Request was from Teddy Hogeborn <teddy@recompile.se> to control@bugs.debian.org. (Mon, 10 Oct 2011 08:03:10 GMT) (full text, mbox, link).

Bug archived. Request was from Teddy Hogeborn <teddy@recompile.se> to control@bugs.debian.org. (Mon, 10 Oct 2011 08:03:10 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jul 1 13:14:38 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.