Bug 131544
Summary: | FC3 release notes -- openssh 3.9 changes | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ulrich Drepper <drepper> |
Component: | fedora-release | Assignee: | Ed Bailey <ed> |
Status: | CLOSED NEXTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | barryn, poelstra, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-10-22 20:09:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 114398 |
Description
Ulrich Drepper
2004-09-02 02:57:08 UTC
Ulrich -- Sounds like an important issue to bring up. Does this sound ok to you: Fedora Core 3 contains OpenSSH 3.9, which includes strict permission and ownship checks for the ~/.ssh/config file. For example, ssh will exit if this file does not have appropriate ownership and permissions. Therefore, make sure that ~/.ssh/config is owned by the owner of ~/, and that its permissions are set to mode 600. Drop the "For example" and you should be fine. Well, I needed some noise words in there to get away from the situation of starting a sentence with a command that should not be capitalized... :-) Here's what I ended up doing; if this just doesn't work for you, feel free to reopen this bug: Fedora Core 2.91 Test 2 contains OpenSSH 3.9, which includes strict permission and ownship checks for the ~/.ssh/config file. These checks mean that ssh will exit if this file does not have appropriate ownership and permissions. Therefore, make sure that ~/.ssh/config is owned by the owner of ~/, and that its permissions are set to mode 600. Thanks for reporting this! Typo in the text: ownship -> ownership Also probably in the RHEL4 version. Good catch -- thanks! Fixed the RHEL4 version as well... I think you should add something about X11 forwarding over ssh. With previous versions it was enabled by default when ssh-ing to another machine. It was intially confusing when I changed from FC2 to FC3 because the error message returned in FC3 is not clear that the problem/change is related to ssh. e.g. "(gnome-terminal:14625): Gtk-WARNING **: cannot open display: Now I find that I have do ssh -X user@remote machine for it to work or for privileged commands ssh -Y user@remote machine (e.g. gnome, firefox, etc). How about adding: OpenSSH is no longer configured to request X11 forwarding by default when connecting to servers. To enable X11 forwarding, the -X or -Y option must be specified, or the "ForwardX11" option must be enabled in ~/.ssh/config. The behavior of ssh clients which are invoked with the -X flag has changed. In OpenSSH 3.8 and later, X11 forwarding is performed in a way that applications run as "untrusted" clients by default. Previously, X11 forwarding was performed so that applications always ran as "trusted" clients. Some applications may not function properly when run as untrusted clients. To forward X11 so that applications are run as trusted clients, invoke ssh with the -Y flag instead of the -X flag, or set "ForwardX11Trusted" in ~/.ssh/config. Added -- thanks Nalin! |