
Re: New Deb 8 and no sshd access from other hosts



On Saturday, March 26, 2016, David Wright <deblis@lionunicorn.co.uk> wrote:
>
> A bit early for [SOLVED], I think.

I respectfully disagree, David.

> On Sat 26 Mar 2016 at 12:08:37 (-0500), Tom Browder wrote:
> > On Fri, Mar 25, 2016 at 12:12 PM, Tom Browder <tom.browder@gmail.com> wrote:
> > > I have installed Deb on my laptop and reused my old Deb 7 .ssh directory.
...
>
> Not such a wonderful resource if it is so easily misunderstood. The
> idea is to fix the permissions, not make your installation less secure.

I agree.

> > Based on the comments from jvp, I looked closer at my home directory on
> > the laptop and, sure enough, the permissions were too loose (first I
...
> > Then, in the upper window, I saw the problem.  Directory '/usr/local',
> > under which my .ssh directory is actually located, was reported to
> > have bad permissions:
> >
> >   Authentication refused: bad ownership or modes for directory /usr/local
...
> >
> >  I checked and they were, surprisingly:
> >
> >   # ls -ld /usr/local
> >   drwxrwsr-x 31 root staff 4096 Mar 24 07:37 /usr/local
> >
> > I don't know how that happened, but it must have happened during the
> > upgrade two days ago when I continued to use my original partition
> > mounted as '/usr/local' which was not supposed to have been touched.
...
> I don't know what happened long before that! When did /usr/local
> become your home directory?

See below.

> > Anyway, as root, I fixed the permissions back to what I think is correct:
> >
> >   # chmod 00755 /usr/local
> >   # ls -ld /usr/local
> >   drwxr-xr-x 31 root staff 4096 Mar 24 07:37 /usr/local
>
> So now the system is degraded a bit more. The correct permissions, in
> fact the entire contents, are:
...

Who says those permissions are correct? I checked the file system
standard which says that /usr/local is optional. I provide my own
/usr/local partition which I save when reinstalling a new OS and see no
reason to provide setuid or setgid for it. When I first started
administering Unix systems on SGI in 1993, the user home directories
were in /usr/local/people and I kept using that as I transitioned the
hosts under my control to Linux systems in 1994.

Over the years on my own systems I have found it convenient to keep
home system resource directories and files (.bashrc, .profile,
.bash_aliases, .xemacs, .ssh, etc.) in a version-controlled, personal
directory under /usr/local. I then soft link those back to whatever
the newly installed system sets as my home directory. It has worked
fine until the Debian 8 install set the permissions as noted which
interfered with strict ssh.

Anyway, all is well now.

Thanks, David.

Best regards,

-Tom
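
The "bad ownership or modes for directory /usr/local" refusal discussed in this thread, as an added example that is not part of any poster's message: a shell function that approximates the sshd StrictModes walk by resolving symlinks and then checking owner and group/world write bits on every component up to a stop directory. The function name `check_strict_path` and its arguments are hypothetical, and GNU `stat` and `realpath` (as shipped on Debian) are assumed.

```shell
#!/bin/sh
# Added example: approximates the path check sshd performs with
# StrictModes enabled. Not OpenSSH code; check_strict_path is a
# hypothetical helper. Assumes GNU stat and realpath.
#
# check_strict_path FILE USER_UID STOP_DIR
#   FILE      key file, e.g. ~/.ssh/authorized_keys (symlinks are followed)
#   USER_UID  numeric uid of the account logging in
#   STOP_DIR  last directory to check (the home directory, or / when the
#             resolved file lives outside the home directory)
# Prints one line per offending component; returns 1 if any is found.
check_strict_path() {
    path=$(realpath -- "$1") || return 2
    uid=$2
    stop=$(realpath -- "$3") || return 2
    rc=0
    while :; do
        mode=$(stat -c %a -- "$path")    # octal mode, e.g. 2775
        owner=$(stat -c %u -- "$path")   # numeric owner
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            # Owner must be the user or root.
            echo "bad ownership: $path (uid $owner)"
            rc=1
        elif [ $(( 0$mode & 022 )) -ne 0 ]; then
            # Group- or world-writable: someone else could swap the keys.
            echo "bad modes: $path ($mode)"
            rc=1
        fi
        if [ "$path" = "$stop" ] || [ "$path" = / ]; then
            break
        fi
        path=$(dirname -- "$path")
    done
    return $rc
}

# Stand-alone use: sh script.sh ~/.ssh/authorized_keys [stop-dir]
if [ "$#" -gt 0 ]; then
    check_strict_path "$1" "$(id -u)" "${2:-/}"
fi
```

Because the symlink is resolved first, a `.ssh` directory that really lives under `/usr/local` is checked along `/usr/local` and `/usr`, not along the home directory the link sits in.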

