
Disable Your SSH access accidentally with scp


Disable Your SSH Access With This One Simple Trick

Here's an interesting bug I ran into recently: After transferring some files to my server via scp, I couldn't log in via SSH anymore - my key was rejected by sshd.

user@host: Permission denied (publickey).

The thing is, as luck would have it, I had previously set up a WebDAV server on the same machine - I've been using it for a number of things, for example as a makeshift synchronization solution for my KeePass database - and since it was just sshd acting up and everything else still worked fine, I could still access the entire file system via WebDAV.

My first thought was that some application had overwritten my authorized_keys file. Forgejo used to do this in the past every time it was updated, but I believe they fixed this. I certainly haven't had that issue for quite a while now. And sure enough, my key was still in there.

I tried creating a new key, putting it into authorized_keys and logging in using that, but to no avail. I tried logging in from a different machine - still nothing. I temporarily modified the sshd configuration to allow logging in via a password again, which worked flawlessly, but of course this was a workaround and not a solution. A reboot didn't help either (but I thought I might as well).

Luckily, when I say "server", what I really mean is a single-board computer sitting in my own four walls. So eventually, I gave in, took out the SD card and put it into my machine. I thought I'd run fsck for good measure, but it didn't report any issues. (And I hoped it wouldn't, the card is barely a few months old after all!)

But then I noticed something odd while cd'ing and ls'ing my way around the file system: The file system permissions of my home directory were set to rwxrwxrwx (777). I was certain that I didn't make this change - not least because ls helpfully highlighted the respective entry with a green background, something I no doubt would've noticed in the past.

If you're using SSH yourself, you may have run into a curious issue in the past: sshd telling you that the permissions of your private key file are too open. OpenSSH will refuse to use a key to connect to any server if said file is readable by any user but yourself:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'id_ed25519' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "id_ed25519": bad permissions
user@host: Permission denied (publickey).
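The permission checks behind both symptoms above can be reproduced offline. The following is an added example, not code from the original post: it assumes sshd runs with `StrictModes yes` (the OpenSSH default, not stated on this page), checks mode bits only (not ownership), and the function names and the throwaway sample directory are constructed for illustration.

```python
import os
import stat
import tempfile

# sshd side (StrictModes yes, the default): authorized_keys is ignored when the
# home directory, ~/.ssh or the file itself is writable by group or others.
SERVER_MASK = 0o022
# ssh client side: a private key is ignored when group or others can access it.
CLIENT_MASK = 0o077


def audit_ssh_permissions(home, key_names=("id_ed25519",)):
    """Return (path, octal mode, reason) for each path with offending mode bits."""
    ssh_dir = os.path.join(home, ".ssh")
    checks = [
        (home, SERVER_MASK, "home directory writable by group/others"),
        (ssh_dir, SERVER_MASK, ".ssh writable by group/others"),
        (os.path.join(ssh_dir, "authorized_keys"), SERVER_MASK,
         "authorized_keys writable by group/others"),
    ]
    checks += [(os.path.join(ssh_dir, name), CLIENT_MASK,
                "private key accessible by group/others") for name in key_names]
    findings = []
    for path, mask, reason in checks:
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            continue  # nothing to check, e.g. no private key on a server
        if mode & mask:
            findings.append((path, oct(mode), reason))
    return findings


def build_sample_home(home_mode):
    """Constructed sample: a throwaway home directory with the given mode."""
    home = tempfile.mkdtemp()
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir, 0o700)
    for name, mode in (("authorized_keys", 0o600), ("id_ed25519", 0o644)):
        path = os.path.join(ssh_dir, name)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(home, home_mode)
    return home


if __name__ == "__main__":
    for path, mode, reason in audit_ssh_permissions(build_sample_home(0o777)):
        print(f"{mode} {path}: {reason}")
```

Pointing `audit_ssh_permissions` at a real home directory (for example on a mounted SD card) lists the paths whose modes need tightening, typically back to 755 or stricter for the home directory, 700 for `.ssh` and 600 for the key files.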
