Building systems from tar archives and ssh

Martin McCormick martin at dc.cis.okstate.edu
Sat Mar 29 16:55:24 PST 2003 

	I recently built a couple of FreeBSD systems by
installing the operating system for FreeBSD4.7 on the new systems
and then extracting a tar ball taken from the / directory of a
known good system to essentially clone that system to these new
FreeBSD computers.

	This appeared to go well with at least one glaring
exception.

	After I did this, I could no longer use ssh to make
out-bound connections.  I kept getting a "host key verification
failed" message.  I have checked permissions on both the ssh
executable and /home/martin/.ssh until I am blue in the face and
they look like they did on working FreeBSD systems I have access
to.

	Here is what I know so far.  The only thing that is
broken is the ability of ssh to write to ~/.ssh/known_hosts.  If
I import a known_hosts file from another system, ssh out-bound
connections do work.  If I completely wipe out ~/.ssh and then
try  a ssh connection, even to 127.0.0.1, I get the creation of
.ssh under my root directory, but nothing added to known_hosts.

	If I run ssh in debug mode as in ssh -v -v -v, I see that
ssh tries known_hosts and can establish a connection if
known_hosts happens to have the key to the system I am
contacting, but it simply can't write to that file like it does
on a working system.

	When I built this tar ball, I deliberately removed the
/etc/ssh directory so the new files in that directory would not
be wiped out so that isn't the problem as far as I know.  The
keys in /etc/ssh are used by sshd in in-bound connections anyway.

	Other people have suggested and I fully agree that this
is a permission problem.  I can become root on one of the systems
I broke and I immediately am able to add hosts.

	I could certainly blow the whole thing away and start
over, but I would like to know what I did wrong by extracting the
tar ball over /.  I'd say the system is 90% good and I have this
feeling that the problem is relatively simple to fix although I
am stuck.  Here are the permissions on the important files
involved.  My apologies to those on the FreeBSD Security list who
have been reading my questions over the last couple of days.

lrwxr-xr-x   1 root  wheel        9 Mar 27 14:58 home -> /usr/home
drwxr-xr-x  8 martin    martin       3584 Mar 29 11:32 martin
drwxr-xr-x   9 root  wheel   512 Mar 28 10:25 home
drwx------  2 root  wheel   512 Mar  6 10:18 .ssh
-rw-r--r--  1 martin  martin  10036 Mar 29 11:45 known_hosts

	On the executable side:

drwxr-xr-x   2 root  wheel     1024 Mar 27 14:48 bin
drwxr-xr-x  2 root  wheel       512 Mar 28 15:22 ssh
-r-xr-xr-x   2 root  wheel    89704 Oct  9 07:55 ssh

More information about the freebsd-questions mailing list