Bug 182222 - .ssh directory in /etc/skel isn't executable
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Release Media
Classification: Unclassified
Component: Stages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Release Team
Reported: 2007-06-16 14:56 UTC by Mark Trolley
Modified: 2008-07-13 01:07 UTC
Description Mark Trolley 2007-06-16 14:56:56 UTC
The .ssh directory in /etc/skel should be chmod 700 since it's currently not executable. This makes attempts to add hosts to .ssh/known_hosts fail.

Reproducible: Always

Steps to Reproduce:
Make a new account and try to ssh to another host. When it asks you if you want to continue connecting say yes.


Actual Results:  
The authenticity of host 'somehost (192.168.1.2)' can't be established.
RSA key fingerprint is aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/user/.ssh/known_hosts).

Expected Results:  
The authenticity of host 'somehost (192.168.1.2)' can't be established.
RSA key fingerprint is aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'somehost,192.168.1.2' (RSA) to the list of known hosts.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-06-16 14:59:14 UTC
No such directory here. Please post the output of equery b /etc/skel/.ssh (emerge gentoolkit if you don't have equery).

Thanks.
Comment 2 Mark Trolley 2007-06-16 15:12:45 UTC
[ Searching for file(s) /etc/skel/.ssh in *... ]
net-misc/openssh-4.5_p1-r1 (/etc/skel/.ssh)
Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2007-06-16 15:38:38 UTC
I have this directory and it is 700.

There is in ebuild in src_install ():
    diropts -m 0700
    dodir /etc/skel/.ssh
Comment 4 Mark Trolley 2007-06-16 15:55:48 UTC
(In reply to comment #3)
> I have this directory and it is 700.
> 
> There is in ebuild in src_install ():
>     diropts -m 0700
>     dodir /etc/skel/.ssh
> 

I saw that...I tried to experiment but re-emerging OpenSSL removed the directory and it won't come back.
Comment 5 Mark Trolley 2007-06-16 15:56:30 UTC
(In reply to comment #4)
> 
> I saw that...I tried to experiment but re-emerging OpenSSL removed the
> directory and it won't come back.

That should say OpenSSH obviously.

Comment 6 Mark Trolley 2007-06-16 16:01:54 UTC
I found the problem. /etc/skel/.ssh is in stage3-amd64-2007.0.tar.bz2 with the wrong permissions. I didn't check any of the other stage3 tarballs.
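
Added example, not part of the bug thread or of Gentoo's release tooling: a Python check that scans a stage tarball for the condition reported in comment 6, an `etc/skel/.ssh` directory whose mode is not the 0700 the ebuild requests. The in-memory tarball and its 0600 mode are constructed for illustration; the report does not state the actual mode.

```python
import io
import posixpath
import stat
import tarfile

SKEL_SSH = "etc/skel/.ssh"  # path from the bug report, relative to the stage root
EXPECTED = 0o700            # mode the openssh ebuild requests with `diropts -m 0700`


def audit_skel_ssh(tar):
    """Return (path, octal mode, problems) for each etc/skel/.ssh dir that is not 0700."""
    findings = []
    for member in tar:
        path = posixpath.normpath(member.name).lstrip("/")
        if path != SKEL_SSH or not member.isdir():
            continue
        mode = stat.S_IMODE(member.mode)
        problems = []
        if (mode & stat.S_IRWXU) != stat.S_IRWXU:
            # Without owner write and search (x), ssh cannot create known_hosts inside.
            problems.append("owner lacks rwx")
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("group/other have access")
        if problems:
            findings.append((path, format(mode, "04o"), problems))
    return findings


def make_stage(ssh_mode):
    """Constructed in-memory stand-in for a stage tarball (not a real stage3)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in (("./etc", 0o755), ("./etc/skel", 0o755),
                           ("./etc/skel/.ssh", ssh_mode)):
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE
            info.mode = mode
            tar.addfile(info)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    # 0600 is an assumed "wrong" mode; the report only says the dir is not executable.
    for label, mode in (("broken", 0o600), ("fixed", EXPECTED)):
        print(label, audit_skel_ssh(make_stage(mode)))
    # For a real file: audit_skel_ssh(tarfile.open("stage3-amd64-2007.0.tar.bz2"))
```
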
Comment 7 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2007-06-16 16:17:24 UTC
(In reply to comment #4 and comment #5)
> re-emerging OpenSSH removed the directory and it won't come back.

This directory is empty and I think that newer Portage has better checking mtime. Post the output of `emerge --info`.
Comment 8 Jakub Moc (RETIRED) gentoo-dev 2007-06-16 16:54:30 UTC
(In reply to comment #7)
> (In reply to comment #4 and comment #5)
> > re-emerging OpenSSH removed the directory and it won't come back.
> 
> This directory is empty and I think that newer Portage has better checking
> mtime. Post the output of `emerge --info`.
> 

No; portage won't change the dir permissions - see Bug 141619.
Comment 9 Mark Trolley 2007-06-16 22:47:23 UTC
(In reply to comment #7)
> (In reply to comment #4 and comment #5)
> > re-emerging OpenSSH removed the directory and it won't come back.
> 
> This directory is empty and I think that newer Portage has better checking
> mtime. Post the output of `emerge --info`.
> 

Portage 2.1.2.7 (default-linux/amd64/2007.0, gcc-4.1.1, glibc-2.5-r0, 2.6.20-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.20-gentoo-r8 x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 16 Jun 2007 21:20:01 +0000
dev-java/java-config: 1.3.7, 2.0.32
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="ftp://gentoo.arcticnetwork.ca/pub/gentoo/ http://gentoo.arcticnetwork.ca/ ftp://mirrors.tera-byte.com/pub/gentoo http://gentoo.mirrors.tera-byte.com/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ "
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X aac acl alsa amd64 animgif apache2 artworkextra berkdb binary-drivers bitmap-fonts bittorrent bzip2 cdr clamav cli colordiff cracklib crypt cups divx dri dvd dvdr dvdread encode faillog firefox fortran gdbm gif gimp gmedia gnome gpm gre gs gtk hardened iconv imagemagick imap ipv6 javascript john jpeg junit keyring keyscrub lame libclamav libg++ logrotate lzw midi mmx mmxext mp3 mpeg mpeg2 mplayer mplayer-bin msn mudflap musicbrainz mysql nautilus ncurses net nls nptl nptlonly ntfs offensive opengl openmp openssl pam pcap pcre pdf perl php png pppd python quicktime rar rdesktop readline realmedia reflection samba scrobbler session sftp signatures spell spl spoof-source sse sse2 ssl subversion syslog tagwriting tcpd thunderbird tiff transcode truetype truetype-fonts type1 type1-fonts unicode vim-syntax vnc vncviewer vorbis wav webdav wifi wireshark wma wmp xinerama xinetd xorg xvid zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fglrx"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 10 Jakub Moc (RETIRED) gentoo-dev 2007-06-28 20:00:30 UTC
*** Bug 183577 has been marked as a duplicate of this bug. ***
Comment 11 Jakub Moc (RETIRED) gentoo-dev 2007-06-28 20:05:40 UTC
Well, so...

missing dir - Bug 16162
wrong permissions - Bug 141619

Apparently this would be best not included in stages at all and the job left to openssh ebuild.
Comment 12 Andrew Gaffney (RETIRED) gentoo-dev 2007-06-29 00:32:15 UTC
(In reply to comment #11)
> Apparently this would be best not included in stages at all and the job left to
> openssh ebuild.

The files that are in the stages are from the openssh build. There are no "magic files" in the stages. Every file, directory, etc. was created by the ebuild of a package that makes up the stage.
Comment 13 Lars Weiler (RETIRED) gentoo-dev 2007-06-29 00:49:12 UTC
I think this bug has been fixed in bug 173043, but unfortunately the wrong version of OpenSSH made it into the release-snapshot.
Comment 14 Andrew Gaffney (RETIRED) gentoo-dev 2008-07-13 01:07:16 UTC
This should be fixed in 2008.0