ssh key permissions changed from 600 to 644
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Nova Compute Proxy Charm | Fix Released | Undecided | Unassigned |
Bug Description
From the driving system:
vance@zs95k5:
commit a36b5c6b5ad6b04
Author: Ryan Beisner <email address hidden>
Date: Thu Nov 3 02:18:38 2016 +0000
Add initial tests
- Resync charm-helpers.
- Add missing install.real hook.
- Add missing status update hook.
- Add very basic unit tests and amulet tests.
Partial-Bug: #1639020
Partial-Bug: #1638773
Change-Id: Ifbf627329ddb25
vance@zs95k5:
2.0.0-xenial-s390x
vance@zs95k5:
total 12
drwxrwxr-x 2 vance vance 4096 Nov 4 10:30 .
drwxrwxr-x 11 vance vance 4096 Nov 4 10:44 ..
-rw------- 1 vance vance 1679 Nov 4 10:30 id_rsa
-rw-rw-r-- 1 vance vance 0 Nov 4 10:26 .keep
Deploying the charm fails with:
unit-nova-
unit-nova-
unit-nova-
unit-nova-
unit-nova-
Inside the deployed unit, I find the permissions of the id_rsa file have changed to 644. This will cause SSH to fail:
root@juju-
total 5
drwxr-xr-x 2 root root 4 Nov 4 15:32 .
drwxr-xr-x 10 root root 24 Nov 4 15:32 ..
-rw-r--r-- 1 root root 1679 Nov 4 15:32 id_rsa
-rw-r--r-- 1 root root 0 Nov 4 15:32 .keep
root@juju-
Warning: Permanently added '10.20.95.79' (ECDSA) to the list of known hosts.
@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@
Permissions 0644 for 'id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "id_rsa": bad permissions
root@10.20.95.79's password:
Ah, well I determined that it was simply a matter of having installed the incorrect SSH keys into the target KVM host.
I'm not sure you'd like to alter the ssh key file permissions though so I'll leave this open for now!
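The listings in the report show id_rsa at 0600 on the driving system and at 0644 inside the deployed unit, which is what triggers the OpenSSH warning. As an added example (not code from the charm or from this report), the Python helper below installs a private key so that it ends up 0600 however it was shipped, and checks a key against the rule quoted in the warning; the function names, file names and key contents are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def key_mode_problem(path):
    """Return the reason OpenSSH would ignore this private key, or None."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # ssh ignores a key owned by the invoking user if any group/other bit is set.
    if st.st_uid == os.getuid() and mode & 0o077:
        return "Permissions 0%03o for '%s' are too open." % (mode, path)
    return None


def install_private_key(src, dst):
    """Copy src to dst so that dst is 0600 regardless of src mode or umask."""
    with open(src, "rb") as fh:
        data = fh.read()
    # mkstemp creates the file 0600; fchmod makes that explicit before any
    # key bytes are written, so the key is never readable by group/other.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dst) or ".", prefix=".key-")
    try:
        os.fchmod(fd, 0o600)
        with os.fdopen(fd, "wb") as out:
            out.write(data)
        os.replace(tmp, dst)  # atomic rename within the same directory
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return stat.S_IMODE(os.stat(dst).st_mode)


def demo():
    """Constructed sample: a key that arrived 0644, as in the unit listing."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "id_rsa.shipped")
        with open(src, "wb") as fh:
            fh.write(b"CONSTRUCTED PLACEHOLDER, NOT A REAL KEY\n")
        os.chmod(src, 0o644)
        before = key_mode_problem(src)
        dst = os.path.join(d, "id_rsa")
        mode = install_private_key(src, dst)
        return before, mode, key_mode_problem(dst)


if __name__ == "__main__":
    print(demo())
```

Running `key_mode_problem` on every installed key at the end of an install hook turns a silent fallback to password authentication into an explicit deployment failure.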