ssh files in /etc not listed correctly, possibly ACL related
Doug McNutt
douglist at macnauchtan.com
Sat Mar 6 18:06:08 UTC 2010
I may be jumping the gun here. No confirmation notice has arrived and I'm frustrated. Please forgive me. Launchpad wants a package name and I haven't been able to figure out the GUI.
The problem: Numerous ssh* files in /etc/ssh/ are showing up in listings of the /ssh/ directory and I don't think they should. They are under access control (ACL) according to the dots in the listings below. That may have happened during a misguided installation of SELinux which has been removed, I think, as of the Ubuntu 9.10 install. It may also be the result of a security update. All such things have been installed as of this date.
Actions directed to files matching /etc/ssh* fail with No such file or directory. I think it's the reason that my scp and ssh operations are now requiring passwords instead of checking public keys.
Following are snippets from a Terminal session:
Sat Mar 06 03:52:33 MST 2010
You are using Ubuntu 9.10 - the Karmic Koala
Mars[~]> uname -a
Linux Mars 2.6.31-20-generic #57-Ubuntu SMP Mon Feb 8 09:02:26 UTC 2010 x86_64 GNU/Linux
Mars[~]> which tcsh
/home/doug/bin/tcsh
Mars[~]> tcsh --version
tcsh 6.17.00 (Astron) 2009-07-10 (x86_64-unknown-linux) options wide,nls,dl,al,kan,rh,color,filec
Mars[~]> /bin/tcsh --version
tcsh 6.14.00 (Astron) 2005-03-25 (x86_64-unknown-linux) options wide,nls,dl,al,kan,rh,nd,color,filec
Mars[/etc]> getfacl ssh_host_rsa_key.pub
getfacl: ssh_host_rsa_key.pub: No such file or directory
Mars[/etc]> cd ssh
Mars[/etc/ssh]> getfacl ssh_host_rsa_key.pub
# file: ssh_host_rsa_key.pub
# owner: root
# group: root
user::rw-
group::r--
other::r--
Mars[/etc/ssh]> setfacl -b ssh_host_rsa_key.pub # doesn't work as advertised.
Mars[/etc/ssh]> getfacl ssh_host_rsa_key.pub
# file: ssh_host_rsa_key.pub
# owner: root
# group: root
user::rw-
group::r--
other::r--
Looking at the directories in detail and with different versions of ls and built-in shell listers:
Mars[/etc]> ls -li ssh*
total 224
16092112 -rw-r--r-- 1 root root 125749 2008-10-13 12:52 moduli
16090853 -rw-rw-rw-. 1 root root 1626 2008-09-19 15:53 ssh_config
16091400 -rw-r-----. 1 root root 1595 2008-08-13 13:39 ssh_config_080812
16091278 -rw-rw-rw-. 1 root root 3694 2009-05-25 15:48 sshd_config
16091513 -rw-r--r--. 1 root root 1966 2008-08-13 18:07 sshd_config_080813
16091445 -rw-------. 1 root root 668 2008-05-14 10:55 ssh_host_dsa_key
16091281 -rw-------. 1 root root 668 2008-04-29 20:44 ssh_host_dsa_key.broken
16091446 -rw-r--r--. 1 root root 599 2008-05-14 10:55 ssh_host_dsa_key.pub
16091282 -rw-r--r--. 1 root root 599 2008-04-29 20:44 ssh_host_dsa_key.pub.broken
16089645 -rw-------. 1 root root 1675 2008-05-14 10:55 ssh_host_rsa_key
16091279 -rw-------. 1 root root 1675 2008-04-29 20:44 ssh_host_rsa_key.broken
16091444 -rw-r--r--. 1 root root 391 2008-05-14 10:55 ssh_host_rsa_key.pub
16091280 -rw-r--r--. 1 root root 391 2008-04-29 20:44 ssh_host_rsa_key.pub.broken
Mars[/etc]> cd ssh
Mars[/etc/ssh]> ls -li ssh*
16090853 -rw-rw-rw-. 1 root root 1626 2008-09-19 15:53 ssh_config
16091400 -rw-r-----. 1 root root 1595 2008-08-13 13:39 ssh_config_080812
16091278 -rw-rw-rw-. 1 root root 3694 2009-05-25 15:48 sshd_config
16091513 -rw-r--r--. 1 root root 1966 2008-08-13 18:07 sshd_config_080813
16091445 -rw-------. 1 root root 668 2008-05-14 10:55 ssh_host_dsa_key
16091281 -rw-------. 1 root root 668 2008-04-29 20:44 ssh_host_dsa_key.broken
16091446 -rw-r--r--. 1 root root 599 2008-05-14 10:55 ssh_host_dsa_key.pub
16091282 -rw-r--r--. 1 root root 599 2008-04-29 20:44 ssh_host_dsa_key.pub.broken
16089645 -rw-------. 1 root root 1675 2008-05-14 10:55 ssh_host_rsa_key
16091279 -rw-------. 1 root root 1675 2008-04-29 20:44 ssh_host_rsa_key.broken
16091444 -rw-r--r--. 1 root root 391 2008-05-14 10:55 ssh_host_rsa_key.pub
16091280 -rw-r--r--. 1 root root 391 2008-04-29 20:44 ssh_host_rsa_key.pub.broken
Mars[/etc]> ls -liR ssh*
ssh:
total 176
16092112 -rw-r--r-- 1 root root 125749 2008-10-13 12:52 moduli
16090853 -rw-rw-rw- 1 root root 1626 2008-09-19 15:53 ssh_config
16091400 -rw-r----- 1 root root 1595 2008-08-13 13:39 ssh_config_080812
16091278 -rw-rw-rw- 1 root root 3694 2009-05-25 15:48 sshd_config
16091513 -rw-r--r-- 1 root root 1966 2008-08-13 18:07 sshd_config_080813
16091445 -rw------- 1 root root 668 2008-05-14 10:55 ssh_host_dsa_key
16091281 -rw------- 1 root root 668 2008-04-29 20:44 ssh_host_dsa_key.broken
16091446 -rw-r--r-- 1 root root 599 2008-05-14 10:55 ssh_host_dsa_key.pub
16091282 -rw-r--r-- 1 root root 599 2008-04-29 20:44 ssh_host_dsa_key.pub.broken
16089645 -rw------- 1 root root 1675 2008-05-14 10:55 ssh_host_rsa_key
16091279 -rw------- 1 root root 1675 2008-04-29 20:44 ssh_host_rsa_key.broken
16091444 -rw-r--r-- 1 root root 391 2008-05-14 10:55 ssh_host_rsa_key.pub
16091280 -rw-r--r-- 1 root root 391 2008-04-29 20:44 ssh_host_rsa_key.pub.broken
Mars[/etc]> /bin/ls -il ssh*
total 176
16092112 -rw-r--r-- 1 root root 125749 2008-10-13 12:52 moduli
16090853 -rw-rw-rw- 1 root root 1626 2008-09-19 15:53 ssh_config
16091400 -rw-r----- 1 root root 1595 2008-08-13 13:39 ssh_config_080812
16091278 -rw-rw-rw- 1 root root 3694 2009-05-25 15:48 sshd_config
16091513 -rw-r--r-- 1 root root 1966 2008-08-13 18:07 sshd_config_080813
16091445 -rw------- 1 root root 668 2008-05-14 10:55 ssh_host_dsa_key
16091281 -rw------- 1 root root 668 2008-04-29 20:44 ssh_host_dsa_key.broken
16091446 -rw-r--r-- 1 root root 599 2008-05-14 10:55 ssh_host_dsa_key.pub
16091282 -rw-r--r-- 1 root root 599 2008-04-29 20:44 ssh_host_dsa_key.pub.broken
16089645 -rw------- 1 root root 1675 2008-05-14 10:55 ssh_host_rsa_key
16091279 -rw------- 1 root root 1675 2008-04-29 20:44 ssh_host_rsa_key.broken
16091444 -rw-r--r-- 1 root root 391 2008-05-14 10:55 ssh_host_rsa_key.pub
16091280 -rw-r--r-- 1 root root 391 2008-04-29 20:44 ssh_host_rsa_key.pub.broken
Why does ssh* match moduli ??
Note the link counts. The items in /etc are NOT hard links to those in /etc/ssh even though they have the same inodes.
Nautilus file browser does not display the ssh* files in /etc/ but does in /etc/ssh/
bash does the same thing as tcsh
Logging in to another machine . . . . That's my real problem. I shouldn't have to enter a password because the keys have been set up in ~/.ssh and worked a while ago.
Mars[/etc/ssh]> ssh Gallifrey
doug@192.168.1.26's password: <entered>
Linux Gallifrey 2.6.31-20-generic-pae #57-Ubuntu SMP Mon Feb 8 10:23:59 UTC 2010 i686
Last login: Thu Mar 4 14:48:14 2010 from mars.local
Gallifrey:~> cd /etc
Gallifrey:/etc> ls -li ssh*
total 148
39659 -rw-r--r-- 1 root root 125749 2009-10-22 13:50 moduli
39658 -rw-r--r-- 1 root root 1595 2009-10-22 13:50 ssh_config
46078 -rw-r--r-- 1 root root 1874 2009-11-03 15:57 sshd_config
46391 -rw------- 1 root root 672 2009-11-03 15:57 ssh_host_dsa_key
46392 -rw-r--r-- 1 root root 604 2009-11-03 15:57 ssh_host_dsa_key.pub
46389 -rw------- 1 root root 1675 2009-11-03 15:57 ssh_host_rsa_key
46390 -rw-r--r-- 1 root root 396 2009-11-03 15:57 ssh_host_rsa_key.pub
Gallifrey:/etc> cd ssh
Gallifrey:/etc/ssh> ls -li ssh*
39658 -rw-r--r-- 1 root root 1595 2009-10-22 13:50 ssh_config
46078 -rw-r--r-- 1 root root 1874 2009-11-03 15:57 sshd_config
46391 -rw------- 1 root root 672 2009-11-03 15:57 ssh_host_dsa_key
46392 -rw-r--r-- 1 root root 604 2009-11-03 15:57 ssh_host_dsa_key.pub
46389 -rw------- 1 root root 1675 2009-11-03 15:57 ssh_host_rsa_key
46390 -rw-r--r-- 1 root root 396 2009-11-03 15:57 ssh_host_rsa_key.pub
Gallifrey:/etc/ssh> uname -a
Linux Gallifrey 2.6.31-20-generic-pae #57-Ubuntu SMP Mon Feb 8 10:23:59 UTC 2010 i686 GNU/Linux
Gallifrey:/etc/ssh> echo $SHELL
/usr/bin/tcsh
Gallifrey:/etc/ssh> logout
Comments? Is it a bug? fsck had no complaints about the file system. Someone to talk to?
Doug McNutt. www.macnauchtan.com has more about me.
--
--> Halloween == Oct 31 == Dec 25 == Christmas <--
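Added example, not part of the original message: a sandbox reproduction of the listing behaviour in the transcript above. In the parent directory the pattern `ssh*` matches only the directory `ssh`, and `ls` given a directory operand prints that directory's contents, so `moduli` appears and each inode equals the one seen from inside the directory. The temporary directory and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sandbox: a parent directory (standing in for /etc) that holds
# one subdirectory named "ssh", as in the listings in the post.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir "$root/ssh" || return 1
    for f in moduli ssh_config sshd_config ssh_host_rsa_key.pub; do
        : > "$root/ssh/$f"
    done
    printf '%s\n' "$root"
}

# Names the shell passes to a command for a pattern, evaluated in directory $1.
# The pattern is left unquoted on purpose so the shell expands it.
expand_glob() {
    ( cd "$1" || exit 1
      for m in $2; do
          if [ -e "$m" ]; then printf '%s\n' "$m"; fi
      done )
}

# ls output for the same pattern; pass -d as $3 to list the operands
# themselves instead of descending into directories.
list_names() {
    ( cd "$1" || exit 1; LC_ALL=C ls $3 $2 | tr '\n' ' ' )
}

# Inode number of a path, to compare a file reached by two different paths.
inode_of() {
    ls -di "$1" | awk '{print $1}'
}

sandbox=$(make_sandbox)
echo "glob ssh* in parent expands to: $(expand_glob "$sandbox" 'ssh*')"
echo "ls ssh*    -> $(list_names "$sandbox" 'ssh*')"
echo "ls -d ssh* -> $(list_names "$sandbox" 'ssh*' -d)"
echo "inode via ssh/ssh_config: $(inode_of "$sandbox/ssh/ssh_config")"
echo "inode from inside ssh/:   $(cd "$sandbox/ssh" && inode_of ssh_config)"
[ -e "$sandbox/ssh_config" ] || echo "parent has no ssh_config of its own"
rm -rf "$sandbox"
```

Running `ls -d ssh*` or `echo ssh*` in /etc on the affected machine shows what the pattern actually matched before `ls` interpreted it.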