Bad owner or permissions on /etc/ssh/ssh_config.d/50-redhat.conf on Fedora 39 distro

We are running gcc tests on Yocto in the Fedora 39 distro. The gcc tests that have to be run on qemu through ssh were failing because of the following issues:
“Bad owner or permissions on /etc/ssh/ssh_config.d/50-redhat.conf”
“Bad owner or permissions on /etc/crypto-policies/back-ends/openssh.config”

I manually checked this file and it has the following permissions:
-rw-r--r--. 1 root root 581 Jan 9 19:00 50-redhat.conf

When I change the file ownership as below,
“-rw-r--r--. 1 harish root 581 Jan 9 19:00 50-redhat.conf”
the “Bad owner or permissions” error is solved but the tests are failing with another error:
ssh: connect to host port 22: Network is unreachable.

We tried the same test on Fedora docker (v37 & v39) and on other distros as well, but did not get the above issues. We only get them on the machine with Fedora installed.

What could be the reason for these errors only on Fedora machine and how to fix this?

Maybe the SELinux label is not correct. You could try an autorelabel to see if that fixes it.

touch /.autorelabel

Do basic network debugging.
Can you ping the IP?
Is sshd running on that system? etc.

I don’t think that the problem is the ownership: “Bad owner or permissions

Indeed on my system I get

$ sudo ls -la /etc/ssh/sshd_config.d/
total 8
drwx------. 1 root root  88 Jan 25 01:00 .
drwxr-xr-x. 1 root root 344 May  2 10:07 ..
-rw-------. 1 root root 412 Jan 25 01:00 40-redhat-crypto-policies.conf
-rw-------. 1 root root 307 Jan 25 01:00 50-redhat.conf

With SELinux context:

$ sudo ls -laZ /etc/ssh/sshd_config.d/
total 16
drwx------. 2 root root system_u:object_r:etc_t:s0       88 Jan 25 03:00 .
drwxr-xr-x. 4 root root system_u:object_r:etc_t:s0     4096 Apr 24 03:32 ..
-rw-------. 1 root root system_u:object_r:etc_t:s0      412 Jan 25 03:00 40-redhat-crypto-policies.conf
-rw-------. 1 root root system_u:object_r:etc_t:s0      307 Jan 25 03:00 50-redhat.conf

Several apps/tools will not function by design if the permissions are not as installed. (they check permissions before running the program for security reasons.)

Having the file with these permissions.
“-rw-r--r--. 1 harish root 581 Jan 9 19:00 50-redhat.conf”
when the default is this
“-rw-------. 1 root root 307 Jan 24 18:00 50-redhat.conf”
May be one of those things.

The config files for clients need read permission for all

-rw-r--r--. 1 root root  581 Jan 25 01:00 /etc/ssh/ssh_config.d/50-redhat.conf
-rw-r--r--. 1 root root 1916 Jan 25 01:00 /etc/ssh/ssh_config
drwxr-xr-x. 2 root root 4096 Jan 25 01:00 /etc/ssh/ssh_config.d

The config files for the server do not

-rw-------. 1 root root  307 Jan 25 01:00 /etc/ssh/sshd_config.d/50-redhat.conf
-rw-------. 1 root root  412 Jan 25 01:00 /etc/ssh/sshd_config.d/40-redhat-crypto-policies.conf
-rw-------. 1 root root 3670 Jan 25 01:00 /etc/ssh/sshd_config
drwx------. 2 root root 4096 Jan 25 01:00 /etc/ssh/sshd_config.d

The OP said the error was appearing on the client file with both the title and the text of his initial post.

Since ssh is a security oriented app it seems reasonable that changing ownership of the file may cause that error, though I do not have his exact config to test.

I may have assumed that info was from the server (sshd) side and not the client (ssh) side but the statement about ownership & permissions should still stand.
In fact the comment Bad owner in his post reveals that may be the case.
My system shows the same as yours.

total 4
-rw-r--r--. 1 root root 581 Jan 24 18:00 50-redhat.conf

total 8
-rw-------. 1 root root 412 Jan 24 18:00 40-redhat-crypto-policies.conf
-rw-------. 1 root root 307 Jan 24 18:00 50-redhat.conf

Discussion above is related to the first file indicated there.
The second file shows

ls -l /etc/crypto-policies/back-ends/openssh.config
lrwxrwxrwx. 1 root root 46 Jun 17 18:28 /etc/crypto-policies/back-ends/openssh.config -> /usr/share/crypto-policies/DEFAULT/openssh.txt


ls -l /usr/share/crypto-policies/DEFAULT/openssh.txt
-rw-r--r--. 2 root root 1814 May  9 19:00 /usr/share/crypto-policies/DEFAULT/openssh.txt

Those should be the default values for both files and changing any of that could cause the problem.

Your app also may have an issue depending upon how it is designed to connect and the ownership/permissions on the server side it connects to as well as the user it runs as.

This error could easily be a firewall config since port 22 is blocked by default on Fedora.
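
Added example, not part of any post in this thread: a shell function that applies the owner and mode test OpenSSH's client uses when it permission-checks a config file (owner must be root or the invoking user, and the file must not be group- or other-writable) to the paths named in the errors, following symlinks and printing the SELinux context. `check_ssh_conf` is a hypothetical name and GNU `stat` is assumed.

```shell
#!/bin/bash
# Added example: audit the ssh client config files named in the error messages.
# check_ssh_conf FILE [UID]
#   returns 0 if FILE passes the owner/mode test for UID (default: current uid),
#           1 if the owner or mode would be rejected,
#           2 if FILE cannot be stat'ed.
# Assumes GNU stat (-c format strings), as shipped on Fedora.
check_ssh_conf() {
    local f="$1" me="${2:-$(id -u)}" owner mode ctx

    # -L follows symlinks: openssh.config is a link into /usr/share/crypto-policies
    owner=$(stat -L -c '%u' -- "$f" 2>/dev/null) || { echo "MISSING   $f"; return 2; }
    mode=$(stat -L -c '%a' -- "$f")
    # SELinux context is informational only; absent on non-SELinux systems
    ctx=$(stat -L -c '%C' -- "$f" 2>/dev/null) || ctx="n/a"

    # Owner must be root (uid 0) or the user running ssh
    if [ "$owner" != 0 ] && [ "$owner" != "$me" ]; then
        echo "BAD-OWNER $f uid=$owner (checked as uid $me) mode=$mode ctx=$ctx"
        return 1
    fi
    # No write bit for group or other (octal mask 022)
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD-MODE  $f uid=$owner mode=$mode ctx=$ctx"
        return 1
    fi
    echo "OK        $f uid=$owner mode=$mode ctx=$ctx"
    return 0
}

# Paths taken from the thread; a missing file is reported, not treated as fatal.
for f in /etc/ssh/ssh_config \
         /etc/ssh/ssh_config.d/50-redhat.conf \
         /etc/crypto-policies/back-ends/openssh.config; do
    check_ssh_conf "$f" || true
done
```

Run it as the same user and inside the same environment that launches the failing test, since the verdict depends on the uid that user sees on each file.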