ssh files in /etc not listed correctly, possibly ACL related
C de-Avillez
hggdh2 at ubuntu.com
Tue Mar 9 18:18:17 UTC 2010
On Sat, 6 Mar 2010 11:06:08 -0700
Doug McNutt <douglist at macnauchtan.com> wrote:
> I may be jumping the gun here. No confirmation notice has arrived
> and I'm frustrated. Please forgive me. Launchpad wants a package name
> and I haven't been able to figure out the GUI.
>
> The problem: Numerous ssh* files in /etc/ssh/ are showing up in
> listings of the /ssh/ directory and I don't think they should. They
> are under access control (ACL) according to the dots in the listings
> below. That may have happened during a misguided installation of
> SELinux which has been removed, I think, as of the ubuntu 9.10
> install. It may also be the result of a security update. All such
> things have been installed as of this date.
>
> Actions directed to files matching /etc/ssh* fail with No such file
> or directory. I think it's the reason that my scp and ssh operations
> are now requiring passwords instead of checking public keys.
<snip/>
> Mars[/etc]> getfacl ssh_host_rsa_key.pub
> getfacl: ssh_host_rsa_key.pub: No such file or directory
Correct. These files exist under /etc/ssh, *not* under /etc.
> Looking at the directories in detail and with different versions of
> ls and built-in shell listers:
>
> Mars[/etc]> ls -li ssh*
> total 224
> 16092112 -rw-r--r-- 1 root root 125749 2008-10-13 12:52 moduli
> 16090853 -rw-rw-rw-. 1 root root 1626 2008-09-19 15:53 ssh_config
> 16091400 -rw-r-----. 1 root root 1595 2008-08-13 13:39
<snip/>
Correct working of 'ls'. You are under '/etc', and issuing a 'ls ssh*'.
So all files -- and directories -- beginning with 'ssh' will be
returned. Now, ./ssh matches the wildcard, and is a directory. So all
files under ./ssh/ will be shown. Including ./ssh/moduli.
> Mars[/etc]> cd ssh
> Mars[/etc/ssh]> ls -li ssh*
> 16090853 -rw-rw-rw-. 1 root root 1626 2008-09-19 15:53 ssh_config
<snip/>
Now, here, we do not see the ./moduli file, since it does not match the
wildcard.
>
> Mars[/etc]> ls -liR ssh*
> ssh:
> total 176
> 16092112 -rw-r--r-- 1 root root 125749 2008-10-13 12:52 moduli
> 16090853 -rw-rw-rw- 1 root root 1626 2008-09-19 15:53 ssh_config
<snip/>
Same as the first case. You are under /etc, and issuing a 'ls -liR
ssh*', which will match the ./ssh directory.
> Mars[/etc]> /bin/ls -il ssh*
> total 176
> 16092112 -rw-r--r-- 1 root root 125749 2008-10-13 12:52 moduli
> 16090853 -rw-rw-rw- 1 root root 1626 2008-09-19 15:53 ssh_config
<snip/>
Same as previous.
>
> Why does ssh* match moduli ??
Please see above.
> Note the link counts. The items in /etc are NOT hard links to those
> in /etc/ssh even though they have the same inodes
This is because they are the very same files.
>
> Nautilus file browser does not display the ssh* files in /etc/ but
> does in /etc/ssh/. bash does the same thing as tcsh.
Nautilus is probably doing a different wildcarding (but I do not really
know).
> Logging in to another machine . . . . That's my real problem. I
> shouldn't have to enter a password because the keys have been set up
> in ~/.ssh and worked a while ago.
<snip/>
> Comments? Is it a bug? fsck had no complaints about the file
> system. Someone to talk to?
The only real weird thing is the permissions of /etc/ssh/ssh*_config.
Do you really want anyone to mess with your ssh_config and sshd_config?
Normally these files are 644: anybody can read, but only the owner can
write.
Regards,
..C..
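
The wildcard behaviour explained in the reply, and a check for the world-writable mode it flags, as an added example that is not part of the original message. It works in a constructed temporary directory with dummy files; all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sandbox mirroring the thread: a directory named "ssh" that
# holds moduli, ssh_config and sshd_config (empty dummy files).
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir "$root/ssh"
    : > "$root/ssh/moduli"
    : > "$root/ssh/ssh_config"
    : > "$root/ssh/sshd_config"
    chmod 644 "$root/ssh/moduli" "$root/ssh/sshd_config"
    chmod 666 "$root/ssh/ssh_config"   # the -rw-rw-rw- mode from the listing
    printf '%s\n' "$root"
}

# What the shell itself expands ssh* to, before ls ever runs.
glob_matches() {
    ( cd "$1" && for m in ssh*; do
          if [ -e "$m" ]; then printf '%s\n' "$m"; fi
      done )
}

# "ls ssh*": ls receives the directory "ssh" and lists what is inside it,
# which is why moduli shows up although it does not match the pattern.
ls_listing() { ( cd "$1" && ls ssh* ); }

# "ls -d ssh*": report the matched directory itself, do not descend.
ls_dir_only() { ( cd "$1" && ls -d ssh* ); }

# Regular files below a directory that any user may write to.
world_writable() { find "$1" -type f -perm -0002 | sort; }

# Reset those files to 644: anybody can read, only the owner can write.
fix_world_writable() { find "$1" -type f -perm -0002 -exec chmod 644 {} +; }

# Demonstration run on a throwaway sandbox.
demo=$(make_sandbox)
echo "shell expands ssh* to: $(glob_matches "$demo")"
echo "ls ssh* prints:";    ls_listing "$demo"
echo "ls -d ssh* prints:"; ls_dir_only "$demo"
echo "world-writable before fix:"; world_writable "$demo"
fix_world_writable "$demo"
echo "world-writable after fix: $(world_writable "$demo" | wc -l) file(s)"
rm -rf "$demo"
```

On a real system the same `find ... -perm -0002` check can be pointed at /etc/ssh; changing modes there requires root.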