Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sandboxing denies access to SSH keys. #7208

Closed
cyberduck opened this issue May 4, 2013 · 8 comments
Closed

Sandboxing denies access to SSH keys. #7208

cyberduck opened this issue May 4, 2013 · 8 comments

Comments

@cyberduck
Copy link
Collaborator

@cyberduck cyberduck commented May 4, 2013

1e18663 created the issue

Upgraded to 4.3 (10871) via Mac AppStore update. This version has sandboxing enabled by default which prevents access to SSH keys stored in ~/.ssh.

Initial connection attempt results in: I/O Error: Connection failed /Users/XXXX/.ssh/id_rsa (Operation not permitted).

-- Console Log --

2013-05-04 1:15:33.000 AM kernel[0]: Sandbox: sandboxd(93005) deny mach-lookup com.apple.coresymbolicationd
2013-05-04 1:15:41.398 AM sandboxd[93005]: ([92668]) Cyberduck(92668) deny file-read-data /Users/XXXX/.ssh/id_rsa

Manually updating the bookmarks and reselecting the SSH key, via the file dialog, permits flawless functionality, until the next time Cyberduck is executed.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 5, 2013

@dkocher commented

We have to test if 8ebb2fc is enough to fix this.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 6, 2013

@dkocher commented

This will also be an issue for reading and writing keys to the ~/.ssh/known_hosts file.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 6, 2013

@dkocher commented

Fixed entitlements in c48e788.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 9, 2013

@dkocher commented

#7208 closed as duplicate.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Aug 4, 2013

@dkocher commented

#7377 closed as duplicate.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Oct 29, 2013

@dkocher commented

We've determined that one or more temporary entitlement exceptions requested for this app are not appropriate and will not be granted:

com.apple.security.temporary-exception.files.home-relative-path.read-only: /.ssh/

We understand this may prevent the app from being approved for the Mac App Store. We encourage you to investigate other ways of implementing the desired functionality.

Reverted in 093237a.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Oct 29, 2013

1e18663 commented

So close! Any insights into an alternative course of action that doesn't involve caching the files in a safe location as this would prove detrimental...

Thanks again for all your great work.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Oct 30, 2013

@dkocher commented

In f157dd6. Store security scoped application bookmark for file references outside of sandbox. Change minimum system requirement to 10.7.3 for MAS build.

Loading

@cyberduck cyberduck closed this Oct 30, 2013
@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants