[Bug 2016597] Re: Tests create ~/.ssh/authorized_keys group writable due to wrong umask

[Launchpad Bug Tracker]

This bug was fixed in the package tinyssh - 20230101-1ubuntu1

---------------
tinyssh (20230101-1ubuntu1) devel; urgency=medium

  * d/tests: Create ~/.ssh/authorized_keys with proper umask (LP: #2016597)
  * d/tests: Avoid flaky failures on slow testbeds

 -- Lukas Märdian <slyon at ubuntu.com>  Mon, 17 Apr 2023 15:09:53 +0200

** Changed in: tinyssh (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2016597

Title:
  Tests create ~/.ssh/authorized_keys group writable due to wrong umask

Status in systemd package in Ubuntu:
  Invalid
Status in tinyssh package in Ubuntu:
  Fix Released

Bug description:
  Traditionally, the default umask as been 0022, which is still the case
  on Debian and for the root user on Ubuntu.

  But for non-root users PAM sets a user's session umask to 0002 by
  default (/etc/pam.d/common-session*), as defined in "/etc/login.defs"
  via USERGROUPS_ENAB.

  tinyssh's sshd will reject connections if ~/.ssh/authorized_key is writable by group/other.
  The test case (re-)creates ~/.ssh/authorized_keys by echoing some strings/keys into it, which creates a new file on the default umask, breaking the test.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2016597/+subscriptions