Date: Sat, 29 Mar 2003 18:55:19 -0600
From: Martin McCormick <martin@dc.cis.okstate.edu>
To: freebsd-questions@freebsd.org
Subject: Building systems from tar archives and ssh
Message-ID: <200303300055.h2U0tK5b040548@dc.cis.okstate.edu>
I recently built a couple of FreeBSD systems by installing the operating system for FreeBSD4.7 on the new systems and then extracting a tar ball taken from the / directory of a known good system to essentially clone that system to these new FreeBSD computers. This appeared to go well with at least one glaring exception. After I did this, I could no longer use ssh to make out-bound connections. I kept getting a "host key verification failed" message.

I have checked permissions on both the ssh executable and /home/martin/.ssh until I am blue in the face and they look like they did on working FreeBSD systems I have access to.

Here is what I know so far. The only thing that is broken is the ability of ssh to write to ~/.ssh/known_hosts. If I import a known_hosts file from another system, ssh out-bound connections do work. If I completely wipe out ~/.ssh and then try a ssh connection, even to 127.0.0.1, I get the creation of .ssh under my root directory, but nothing added to known_hosts.

If I run ssh in debug mode as in ssh -v -v -v, I see that ssh tries known_hosts and can establish a connection if known_hosts happens to have the key to the system I am contacting, but it simply can't write to that file like it does on a working system.

When I built this tar ball, I deliberately removed the /etc/ssh directory so the new files in that directory would not be wiped out so that isn't the problem as far as I know. The keys in /etc/ssh are used by sshd in in-bound connections anyway.

Other people have suggested and I fully agree that this is a permission problem. I can become root on one of the systems I broke and I immediately am able to add hosts.

I could certainly blow the whole thing away and start over, but I would like to know what I did wrong by extracting the tar ball over /. I'd say the system is 90% good and I have this feeling that the problem is relatively simple to fix although I am stuck. Here are the permissions on the important files involved.

My apologies to those on the FreeBSD Security list who have been reading my questions over the last couple of days.

lrwxr-xr-x 1 root wheel 9 Mar 27 14:58 home -> /usr/home
drwxr-xr-x 8 martin martin 3584 Mar 29 11:32 martin
drwxr-xr-x 9 root wheel 512 Mar 28 10:25 home
drwx------ 2 root wheel 512 Mar 6 10:18 .ssh
-rw-r--r-- 1 martin martin 10036 Mar 29 11:45 known_hosts

On the executable side:

drwxr-xr-x 2 root wheel 1024 Mar 27 14:48 bin
drwxr-xr-x 2 root wheel 512 Mar 28 15:22 ssh
-r-xr-xr-x 2 root wheel 89704 Oct 9 07:55 ssh
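The owner and mode columns in a listing like the one in the message can be checked mechanically instead of by eye. The following is an added example, not part of the original e-mail: it walks every directory from / down to a known_hosts path and reports where a given uid lacks search or write permission, using plain owner/group/other mode bits (no ACLs). The function names `allowed` and `audit` are hypothetical.

```python
import os

def allowed(mode, owner_uid, owner_gid, uid, gids, bit):
    """Unix mode check: pick owner, group or other bits, then test bit (4=r, 2=w, 1=x)."""
    if uid == 0:
        return True                      # root is not limited by mode bits
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & bit)

def audit(target, uid, gids):
    """List (path, problem) pairs that stop `uid` from writing `target`.
    Run it as root so every path component can be stat()ed."""
    target = os.path.realpath(target)    # follows links such as /home -> /usr/home
    chain, d = [], os.path.dirname(target)
    while True:                          # collect parent, grandparent, ... up to /
        chain.append(d)
        if d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    problems = []
    for d in reversed(chain):            # check from / down to the parent directory
        if not os.path.isdir(d):
            return problems + [(d, "directory does not exist")]
        st = os.stat(d)
        if not allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, 1):
            problems.append((d, "no search (x) permission on directory"))
    if problems:
        return problems                  # file is unreachable; write checks are moot
    try:
        st, what = os.stat(target), (target, "file is not writable")
    except FileNotFoundError:
        st, what = os.stat(chain[0]), (chain[0], "cannot create file in directory")
    if not allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, 2):
        problems.append(what)
    return problems

if __name__ == "__main__":
    # Usage on the current account; pass another uid and its groups when run as root.
    me, groups = os.getuid(), set(os.getgroups())
    for path, problem in audit(os.path.expanduser("~/.ssh/known_hosts"), me, groups):
        print(f"{path}: {problem}")
```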