[202012][armhf] sshd failed to start #11134

Open
Blueve opened this issue Jun 14, 2022 · 4 comments
Labels: Issue for 202012, Triaged (this issue has been triaged)

Blueve commented Jun 14, 2022

Description

sshd failed to start on the armhf platform after this PR was merged: #10910

Permission errors are raised during startup of the sshd service:

```
sudo sshd -t
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd: no hostkeys available -- exiting.
```

The issue can be mitigated by manually changing the keys' permission level:

```
sudo chmod 600 /etc/ssh/ssh_host_rsa_key
sudo chmod 600 /etc/ssh/ssh_host_ecdsa_key
sudo chmod 600 /etc/ssh/ssh_host_ed25519_key
```

The issue was not found on the x86 platform.

Steps to reproduce the issue:

  1. Install an image with the change [202012][openssh] openssh: Upgrade from 7.9 to 8.4, to match version in buster-backports #10910
  2. ssh to the device

Describe the results you received:

The ssh client failed to connect to the switch.

Describe the results you expected:

ssh should work as usual


Blueve commented Jun 14, 2022

Might be related to this change? #10633

Blueve commented Jun 14, 2022

Plan to revert the openssh upgrade change: #11136

The main concern is that openssh 8.4 will bring another issue: CVE-2021-28041 (openssh: double-free memory corruption may lead to arbitrary code execution).

yxieca commented Jun 22, 2022

@Blueve what do we need to do to close this issue? Any further actions?

Blueve commented Jun 23, 2022

@yxieca the root cause was the armhf private key permission issue.
I think we need to solve it as well before we close this issue.
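
An added example, not part of the original thread or the project's code: a POSIX shell check for the condition reported in this issue (host private keys with group/other permission bits, which sshd then ignores), usable as an image-build or boot-time sanity step. The function names are hypothetical; the directory argument would be `/etc/ssh` on the device in the report.

```sh
#!/bin/sh
# Added example, not from the project. Checks host private keys for the
# condition in the report: sshd ignores a key that group or others can access.

# Print a file's permission bits in octal (GNU stat, then BSD stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_host_keys DIR
# Prints "TOO_OPEN <mode> <path>" for every ssh_host_*_key with any
# group/other bit set (the .pub files do not match the glob).
# Returns 0 if all keys are fine, 1 if any is too open,
# 2 if DIR holds no host private keys at all.
audit_host_keys() {
    ahk_bad=0
    ahk_found=0
    for ahk_key in "$1"/ssh_host_*_key; do
        [ -f "$ahk_key" ] || continue
        ahk_found=1
        ahk_mode=$(key_mode "$ahk_key")
        # Leading 0 makes the shell read the mode as octal; 077 = group+other.
        if [ $(( 0$ahk_mode & 077 )) -ne 0 ]; then
            echo "TOO_OPEN $ahk_mode $ahk_key"
            ahk_bad=1
        fi
    done
    [ "$ahk_found" -eq 1 ] || return 2
    return "$ahk_bad"
}

# fix_host_keys DIR
# Applies the mitigation from the report (chmod 600) to offending keys only,
# then re-audits so the caller gets the final state as the exit status.
fix_host_keys() {
    audit_host_keys "$1" | while read -r fhk_tag fhk_mode fhk_path; do
        chmod 600 "$fhk_path"
    done
    audit_host_keys "$1"
}
```

Exit status 2 is kept distinct from 1 so a caller can tell "keys missing" (the `no hostkeys available` case for a different reason) from "keys present but too open".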
