Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

An alert is missing on the status of private key rights #180

Closed
ZerooCool opened this issue Jul 8, 2019 · 1 comment
Closed

An alert is missing on the status of private key rights #180

ZerooCool opened this issue Jul 8, 2019 · 1 comment

Comments

@ZerooCool
Copy link

ZerooCool commented Jul 8, 2019
edited
Loading

An alert is missing on the status of private key rights

I'm probably bad, but, I create my private keys on the server, after a first login with a simple password.
Once done, I copy the contents of my keys to the local machine.
For that, I am in graphic mode, and, I create two files on my machine: id_rsa_private and id_rsa.pub which have, by default, the rights 664.

I notice the following alert message, with SSH, when I want to connect to my simple local user, using the private key:

ssh USER@SERVEUR -i /home/USERLOCAL/.ssh/SERVEUR/id_rsa_private

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
WARNING: UNPROTECTED PRIVATE KEY FILE!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for '/home/USERLOCAL/.ssh/SERVEUR/id_rsa_private' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

With that, I understand better!
I was able to identify what looks like a bug, or rather, a lack of precision, but, yet, that seems important.

sshfs -o allow_other,IdentityFile=/home/USERLOCAL/.ssh/SERVEUR/id_rsa_private USERSERVEUR@SERVEUR:/home/USERSERVEUR/FOLDER /home/USERLOCAL/FOLDER

If the user who logs in is the root user of the local machine, the passphrase is required when mounting shared folders.

If the user who logs in is the user of the local machine, the password of the user on the VPS is requested when mounting the shared folders.
Warning ! This is not the normal behavior! If the private key that is copied locally has the right rights, 600, it is the passphrase that will be requested.

So, here, SSHFS does not inform us of the presence of the key, which has bad rights, as does SSH, when connecting as a single user. Yet, the behavior seems identical! SSHFS will ignore the private key! OUTCH: /

I really think that SSHFS should be able to warn of the problem of law over the private key, in the same way that SSH does.
@Nikratio
Copy link
Contributor

Nikratio commented Sep 5, 2019

SSHFS does not have any active, regular contributors or developers. The current maintainer continues to apply pull requests and tries to make regular releases, but unfortunately has no capacity to do any development beyond addressing high-impact issues. When reporting bugs, please understand that unless you are including a pull request or are reporting a critical issue, you will probably not get a response.

To prevent the issue tracker from being flooded with issues that no-one is intending to work on, and to give more visibilty to critical issues that users should be aware of and that most urgently need attention, I will also close most bug reports once they've been inactive for a while.

Please note that this isn't meant to imply that you haven't found a bug - you most likely have and I'm grateful that you took the time to report it. Unfortunately, SSHFS is a purely volunteer driven project,
and at the moment there simply aren't any volunteers.

@Nikratio Nikratio closed this as completed Sep 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Nikratio @ZerooCool