Chris Rees wrote:
> Although I think it's not a big deal, as long as your id_?sa has
> permissions 600 like mine, or even 400.

The man page for ssh(1) provides a lot of detail about the sensitivity
of the various files related to ssh. To quote it regarding a few of them:

     This directory is the default location for all user-specific
     configuration and authentication information. There is no
     general requirement to keep the entire contents of this directory
     secret, but the recommended permissions are
     read/write/execute for the user, and not accessible by others.

So as you can see, 700 is recommended (but not necessary).

     Contains the private key for authentication. These files contain
     sensitive data and should be readable by the user but not
     accessible by others (read/write/execute). ssh will simply ignore
     a private key file if it is accessible by others. It is
     possible to specify a passphrase when generating the key which
     will be used to encrypt the sensitive part of this file

However, identity, id_dsa and id_rsa _must_ be 700 at a maximum. It's
best to follow the recommendations from the man page unless you have
very specific reasons for needing more lax permissions on these files.
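
An added example, not part of the original message: a small POSIX sh audit of an ssh directory against the ssh(1) text quoted above, flagging the directory when it is accessible by others and any private key that ssh would ignore for the same reason. The function names are hypothetical, and it assumes private keys use the default names identity and id_*.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from ssh or the thread.

# Print a file's octal mode: GNU stat first, then BSD stat (FreeBSD).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if group or other hold any permission bit (mode & 077 != 0).
others_can_access() {
    m=$(mode_of "$1")
    [ $(( 0$m & 077 )) -ne 0 ]
}

# Audit one ssh directory. Returns 0 when clean, 1 on findings, 2 on bad input.
audit_ssh_dir() {
    dir=$1
    issues=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    if others_can_access "$dir"; then
        echo "WARN $dir has mode $(mode_of "$dir"); 700 is recommended"
        issues=$((issues + 1))
    fi
    # Assumption: private keys use the default names identity and id_*.
    for f in "$dir"/identity "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public halves may be readable
        if others_can_access "$f"; then
            echo "FAIL $f has mode $(mode_of "$f"); ssh ignores keys accessible by others"
            issues=$((issues + 1))
        fi
    done
    [ "$issues" -eq 0 ]
}

# Run against the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Save it as a script and pass the directory to check, for example `$HOME/.ssh`; a non-zero exit status means at least one finding.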