https://bugzilla.mindrot.org/show_bug.cgi?id=3507
--- Comment #20 from Thomas Koeller <[email protected]> ---
(In reply to Iain Morgan from comment #19)
> This looks like a client-side issue to me.
>
> The client logs indicate that no host based authentication packet
> was sent. Since EnableSSHKeysign is set in the ssh_config, this
> probably means that the permissions are incorrect on either the
> ssh-keysign executable or the private host keys.
>
> Note that on Red Hat, ssh-keysign is normally setgid to group
> ssh_keys, and the private keys are expected to be readable by that
> group. Whereas, stock OpenSSH expects the private keys to be
> readable only by root and thus ssh-keysign should be setuid root.

This is correct, I figured that out, too:

[root@sarkovy ssh]# ls -l /usr/libexec/openssh/ssh-keysign
-r-xr-sr-x. 1 root ssh_keys 326064 29. Sep 13:45 /usr/libexec/openssh/ssh-keysign

So I reset the permissions on the key accordingly:

[root@sarkovy ssh]# ls -l /etc/ssh/ssh_host_ed25519_key
-rw-r-----. 1 root ssh_keys 419 6. Dez 23:11 /etc/ssh/ssh_host_ed25519_key

This did not help, and anyway, a fresh build of OpenSSH 9.1p1 exhibits
the same behavior.
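The two permission layouts contrasted in the quoted comment, written as a check of whether ssh-keysign can read a private host key (an added example, not part of the bug thread or of OpenSSH). It assumes GNU stat; the function names are hypothetical, and the default paths and sample modes are the ones shown in the message above.

```shell
#!/bin/sh
# Added example, not from the bug thread. Assumes GNU stat (-c).

# keysign_access HELPER_MODE HELPER_OWNER HELPER_GROUP KEY_MODE KEY_GROUP
# Modes are octal strings as printed by `stat -c %a`.
# Prints which layout lets ssh-keysign read the private host key:
#   setuid-root   stock OpenSSH: helper is setuid root (root ignores mode bits)
#   setgid-group  Red Hat: helper is setgid, key is group-readable by that group
# Returns 0 for either layout, 1 if the helper cannot read the key,
# 2 if the key is world-readable (readable, but exposed to every local user).
keysign_access() {
    ka_hmode=$((0$1)); ka_howner=$2; ka_hgroup=$3
    ka_kmode=$((0$4)); ka_kgroup=$5

    if [ $((ka_kmode & 0004)) -ne 0 ]; then
        echo world-readable; return 2
    fi
    if [ $((ka_hmode & 04000)) -ne 0 ] && [ "$ka_howner" = root ]; then
        echo setuid-root; return 0
    fi
    if [ $((ka_hmode & 02000)) -ne 0 ] && [ "$ka_hgroup" = "$ka_kgroup" ] &&
       [ $((ka_kmode & 0040)) -ne 0 ]; then
        echo setgid-group; return 0
    fi
    echo unreadable; return 1
}

# check_keysign_files [HELPER_PATH] [KEY_PATH]
# Same check against files on disk; returns 3 if either cannot be stat'ed.
check_keysign_files() {
    ck_helper=${1:-/usr/libexec/openssh/ssh-keysign}
    ck_key=${2:-/etc/ssh/ssh_host_ed25519_key}
    ck_h=$(stat -c '%a %U %G' "$ck_helper") || return 3
    ck_k=$(stat -c '%a %G' "$ck_key") || return 3
    # Unquoted on purpose: split the stat output into separate arguments.
    keysign_access $ck_h $ck_k
}

# Modes from the ls output in the message: -r-xr-sr-x root:ssh_keys (2555)
# on the helper and -rw-r----- root:ssh_keys (640) on the key.
keysign_access 2555 root ssh_keys 640 ssh_keys
```

A passing result only rules out the permission mismatch; as the message reports, the failure persisted with these permissions in place.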
