can't write to ssh known_hosts file

A while back I did a complete restore from backup of an MBP. Since then this machine's ssh client can no longer write to the ~/.ssh/known_hosts file:

The authenticity of host 'dhcp167 (172.31.0.167)' can't be established.
DSA key fingerprint is 66:3d:0c:31:e0:07:09:6b:21:f9:8c:79:40:50:01:45.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/Users/dnewman/.ssh/known_hosts).

I have write access to this file:

dhcp130:~ dnewman$ ls -l /Users/dnewman/.ssh/known_hosts
-rw-r--r--@ 1 dnewman staff 36439 Sep 26 17:51 /Users/dnewman/.ssh/known_hosts

How to remedy this error?

thanks

MacBook Pro, Mac OS X (10.5.6)

Posted on Dec 18, 2008 9:47 AM

17 replies

Dec 18, 2008 10:23 AM in response to Nils C. Anderson

Thanks, that file shouldn't have been world readable -- but that did not solve the problem either.

I did the restore because some OS files were corrupted. I did not use the migration assistant in doing so, but rather did a clean install of the OS and then restored my data files (including ~/.ssh/*) from backup. I'm not an ssh guru but I wonder if there's some disconnect between the contents of ~/.ssh and the MBP's current system keys (which are different than the pre-restore keys)?

thanks again

Dec 18, 2008 1:16 PM in response to David Newman5

With respect to permissions, you should look at *man ssh* and search for permissions. There are several ssh files that need to have restrictive ownership and permissions; however, generally if the permissions are bad, ssh will refuse to make the connection if it cannot trust its configuration files.

Have you tried using

ssh -v -v -v remote.host.addr

and seeing if the additional debugging information throws more light on the problem?

You might even consider comparing the -v -v -v output from a Good connection with the Failed connection. The differences might point out something useful.

Dec 18, 2008 2:57 PM in response to BobHarris

Sorry I didn't make this clearer, but I am able to connect with ssh.

What I am not able to do is save the remote system's public key to ~/.ssh/known_hosts, even though I have write permission to the file:

$ ls -l ~/.ssh/known_hosts
-rw-------@ 1 dnewman staff 36439 Sep 26 17:51 /Users/dnewman/.ssh/known_hosts

As a result I get the same unknown-host prompt every time I ssh to each host:

dhcp130:Desktop dnewman$ ssh -l root dhcp167
The authenticity of host 'dhcp167 (172.31.0.167)' can't be established.
DSA key fingerprint is 66:3d:0c:31:e0:07:09:6b:21:f9:8c:79:40:50:01:45.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/Users/dnewman/.ssh/known_hosts).

(and then it goes on to connect)

My question is how to restore the ability to write to known_hosts.

thanks

Dec 18, 2008 3:36 PM in response to David Newman5

Can you manually edit the file? Make a backup first.

What do the permissions for the path leading to the file look like?

ls -ld /{,Users/{,dnewman/{,.ssh}}}

What are the extended attributes, indicated by the '@' appended to the mode bits?
I'm wondering if they might be interfering with ssh being able to write to the file.

You can list them using

ls -ld@ <filename>

Message was edited by: Nils C. Anderson

Dec 18, 2008 4:06 PM in response to Nils C. Anderson

Can you manually edit the file?

No. vi thinks it's a readonly file despite the 0600 perms

What do the permissions for the path leading to the file look like?

dhcp130:.ssh dnewman$ ls -ld /{,Users/{,dnewman/{,.ssh}}}
drwxr-xr-x 36 root admin 1292 Dec 15 16:07 /
drwxr-xr-x 5 root admin 170 Oct 21 07:50 /Users/
drwxr-xr-x+ 39 dnewman staff 1326 Dec 18 15:56 /Users/dnewman/
drwx------@ 6 dnewman staff 204 Sep 20 12:22 /Users/dnewman/.ssh

dhcp130:.ssh dnewman$ ls -ld@ known_hosts
-rw-------@ 1 dnewman staff 36439 Sep 26 17:51 known_hosts
com.apple.metadata:_kTimeMachineNewestSnapshot 50
com.apple.metadata:_kTimeMachineOldestSnapshot 50

The permissions thing is interesting. Is the problem that I had a different UID or GID on the "old" machine image (the one I restored from) than what's currently running? And if so, how to remedy?

thanks much!

Dec 18, 2008 4:33 PM in response to Nils C. Anderson

The only place I find this message in the source code is in sshconnect.c:

if (!r)
    logit("Failed to add the host to the list of known "
        "hosts (%.500s).", user_hostfile);

[sshconnect.c|http://www.opensource.apple.com/darwinsource/10.5.6/OpenSSH-95.1.5/openssh/sshconnect.c]

The function that is unable to access the file is

add_host_to_hostfile

in the file [hostfile.c|http://www.opensource.apple.com/darwinsource/10.5.6/OpenSSH-95.1.5/openssh/hostfile.c]

So check to see if you can append information to the file. Make a backup of the file first.


Message was edited by: Nils C. Anderson
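The two checks suggested in this thread (inspect every directory on the way to the file, then try the append that ssh itself performs) can be combined into one script. This is an added example, not code from the thread or from OpenSSH; it assumes a POSIX system with the `pwd` module available, and `demo_with_tempfile()` works on a constructed 0600 file in a temporary directory rather than the real ~/.ssh/known_hosts. The point it makes is that `os.access()` asks the kernel, so it reflects ACL entries that the `ls -l` mode bits hide.

```python
"""Added diagnostic: walk every component of a path, print the classic mode
bits next to what the kernel actually grants, then attempt the operation
ssh performs when it records a new host key: opening known_hosts for append
(add_host_to_hostfile() in OpenSSH's hostfile.c uses fopen(..., "a"))."""
import os
import pwd
import stat
import tempfile


def path_components(path):
    """Yield '/', '/Users', '/Users/dnewman', ... up to and including path."""
    path = os.path.abspath(path)
    current = os.sep
    yield current
    for part in path.split(os.sep)[1:]:
        if part:
            current = os.path.join(current, part)
            yield current


def describe(path):
    """Mode bits, owner, and the kernel's verdict for one path component."""
    st = os.stat(path)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    is_dir = stat.S_ISDIR(st.st_mode)
    return {
        "path": path,
        "mode": format(stat.S_IMODE(st.st_mode), "04o"),
        "owner": owner,
        "uid": st.st_uid,
        "is_dir": is_dir,
        # Directories on the way must be searchable; the final file must be
        # writable. os.access() answers for the current process identity and
        # takes ACLs into account, unlike the mode bits shown by ls -l.
        "searchable": os.access(path, os.X_OK) if is_dir else None,
        "writable": os.access(path, os.W_OK),
    }


def diagnose_write(path):
    """Report on each existing component, then try an append like ssh does."""
    components = [describe(p) for p in path_components(path) if os.path.exists(p)]
    try:
        with open(path, "a", encoding="utf-8"):
            pass
        can_append, reason = True, None
    except OSError as exc:
        can_append, reason = False, exc.strerror
    return {"components": components, "can_append": can_append, "reason": reason}


def demo_with_tempfile():
    """Self-contained run on a constructed 0600 known_hosts in a temp dir."""
    workdir = tempfile.mkdtemp(prefix="ssh-acl-demo-")
    target = os.path.join(workdir, "known_hosts")
    with open(target, "w", encoding="utf-8"):
        pass
    os.chmod(target, 0o600)
    return diagnose_write(target)


def print_report(result):
    for c in result["components"]:
        if c["is_dir"]:
            verdict = "search ok" if c["searchable"] else "NO SEARCH"
        else:
            verdict = "write ok" if c["writable"] else "NO WRITE"
        print(f"{c['mode']} {c['owner']:<10} {verdict:<10} {c['path']}")
    status = "ok" if result["can_append"] else f"FAILED ({result['reason']})"
    print("append to target:", status)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.ssh/known_hosts")
    print_report(diagnose_write(target))
```

Run it against the real file with `python3 diag.py ~/.ssh/known_hosts`; a component whose mode bits look fine but is reported as NO WRITE or NO SEARCH is the one to inspect with `ls -le`.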

Dec 18, 2008 4:39 PM in response to Nils C. Anderson

can't append to known_hosts -- permission denied. Same deal when trying to write changes using vi.

id returns the following:

uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),8(procview),2(kmem),29(certusers),3(sys),9(procmod),4(tty),101(com.apple.sharepoint.group.1),5(operator),80(admin),20(staff)

I suspect a UID or GID on the restore image was different than what's posted above, but not sure where.

thanks!

Dec 18, 2008 6:55 PM in response to Nils C. Anderson

Nils C. Anderson wrote:
What does

ls -ld@ /Users/dnewman/

return?


dhcp130:~ dnewman$ ls -ld@ /Users/dnewman/
drwxr-xr-x+ 40 dnewman staff 1360 Dec 18 16:36 /Users/dnewman/

dhcp130:~ dnewman$ ls -ld@ /Users/dnewman/.ssh
drwx------@ 6 dnewman staff 204 Sep 20 12:22 /Users/dnewman/.ssh
com.apple.metadata:_kTimeMachineNewestSnapshot 50
com.apple.metadata:_kTimeMachineOldestSnapshot 50

Dec 19, 2008 7:30 AM in response to Nils C. Anderson

Nils C. Anderson wrote:
What ACLs are set on the directory? The '-e' option to 'ls' should give us this.

ls -ldeo /Users/dnewman/


dhcp130:~ dnewman$ ls -ldeo /Users/dnewman/
drwxr-xr-x+ 40 dnewman staff - 1360 Dec 18 16:36 /Users/dnewman/
0: group:everyone deny delete

So far, so good. But then there's this:

dhcp130:~ dnewman$ ls -ldeo /Users/dnewman/.ssh
drwx------@ 6 dnewman staff - 204 Sep 20 12:22 /Users/dnewman/.ssh
0: group:everyone deny add file,delete,add_subdirectory,deletechild,writeattr,writeextattr,chown

curiouser and curiouser...

Dec 19, 2008 9:32 PM in response to Nils C. Anderson

Nils C. Anderson wrote:
From looking over chmod(1), to remove the ACL:

chmod -a# 0 /Users/dnewman/.ssh

Success! I had to run this command on both the directory and all the files in the directory but I'm now able to write to known_hosts.

There are now no access rules in effect on the ~/.ssh directory or its contents. Should there be, and if so how to apply them? I can't tell from the chmod(1) manpage.

thanks very much!
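The resolution above comes down to reading the `ls -le` listing correctly: on macOS the ACL is evaluated before the mode bits, entries are matched in order, and `group:everyone` matches every user, the owner included, so a `deny add_file` on ~/.ssh stops the owner even though the directory is 0700 and owned by them. The parser below is an added example, not code from the thread; it takes the two directory listings quoted above (with permission names spelled as chmod(1) spells them), plus a hypothetical file-level entry on known_hosts that is constructed for illustration, and reports which entries block which operation and the `chmod -a#` commands that remove exactly those entries. The mapping from operations to permission names is an assumption made here.

```python
"""Added example: parse the ACL listing that `ls -le` prints on macOS and
flag the deny entries that keep ssh from updating ~/.ssh/known_hosts even
when the mode bits say the owner may write."""
import re
from collections import namedtuple

# Permission names as chmod(1) on macOS spells them. Which ones each
# operation needs is an assumption made for this example.
NEEDS = {
    # Every directory on the way to the file must be searchable.
    "dir_search": {"search"},
    # Creating known_hosts (or a temp file beside it) needs add_file.
    "dir_create_file": {"add_file"},
    # Appending a host key to an existing file needs write or append;
    # a deny of either is treated as blocking (conservative assumption).
    "file_append": {"write", "append"},
}

AclEntry = namedtuple("AclEntry", "index principal effect perms")
_ENTRY = re.compile(r"^\s*(\d+):\s+(\S+)\s+(allow|deny)\s+(.*)$")

# Constructed input. The two directory listings are the ones quoted in the
# thread; the known_hosts listing is hypothetical, added to show the
# file-level case.
SAMPLE = """\
drwxr-xr-x+ 40 dnewman staff - 1360 Dec 18 16:36 /Users/dnewman/
 0: group:everyone deny delete
drwx------@ 6 dnewman staff - 204 Sep 20 12:22 /Users/dnewman/.ssh
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
-rw-------@ 1 dnewman staff - 36439 Sep 26 17:51 /Users/dnewman/.ssh/known_hosts
 0: group:everyone deny write,append,writeattr,writeextattr
"""


def parse_ls_le(text):
    """Return {path: (is_dir, [AclEntry, ...])}. Assumes paths contain no spaces."""
    result, current = {}, None
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m and current is not None:
            perms = {p.strip().replace(" ", "_") for p in m.group(4).split(",") if p.strip()}
            result[current][1].append(AclEntry(int(m.group(1)), m.group(2), m.group(3), perms))
        elif line.strip():
            current = line.split()[-1]          # mode line; the path is the last field
            result[current] = (line[0] == "d", [])
    return result


def blocking_entries(entries, operation):
    """Deny entries whose permission set overlaps what `operation` needs."""
    needed = NEEDS[operation]
    return [e for e in entries if e.effect == "deny" and e.perms & needed]


def remedy_commands(path, entries):
    """chmod -a# removes one entry by index; go highest index first because
    removing an entry renumbers the ones after it."""
    ordered = sorted(entries, key=lambda e: e.index, reverse=True)
    return [f"chmod -a# {e.index} {path}" for e in ordered]


def analyse(text=SAMPLE):
    """For every path in the listing: which operations are blocked, by which
    entries, and the chmod(1) commands that remove exactly those entries."""
    report = {}
    for path, (is_dir, entries) in parse_ls_le(text).items():
        ops = ("dir_search", "dir_create_file") if is_dir else ("file_append",)
        blocked = {}
        for op in ops:
            hits = blocking_entries(entries, op)
            if hits:
                blocked[op] = hits
        unique = {e.index: e for hits in blocked.values() for e in hits}
        report[path] = {"blocked": blocked, "fix": remedy_commands(path, unique.values())}
    return report


if __name__ == "__main__":
    for path, info in analyse().items():
        if not info["blocked"]:
            print(f"{path}: ACL does not block ssh")
            continue
        for op, hits in info["blocked"].items():
            for e in hits:
                perms = ",".join(sorted(e.perms))
                print(f"{path}: {op} blocked by entry {e.index} ({e.principal} deny {perms})")
        for cmd in info["fix"]:
            print("  fix:", cmd)
```

On the question of whether ~/.ssh should carry ACL entries at all: OpenSSH checks ownership and mode bits (this is what sshd's StrictModes enforces), not ACLs, so a 0700 directory with 0600 files is the expected state and nothing needs to be re-added. `chmod -N path` clears the whole ACL in one step when every entry is unwanted; `chmod -a#` is the surgical form used above.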
