Chris Rees wrote:

Although I think it's not a big deal, as long as your id_?sa has
permissions 600 like mine, or even 400.


The man page for ssh(1) provides a lot of detail about the sensitivity of the various files related to ssh. To quote it regarding a few of them:

             This directory is the default location for all user-specific 
configuration and authentication information.  There is no
             general requirement to keep the entire contents of this directory 
secret, but the recommended permissions are
             read/write/execute for the user, and not accessible by others.

So as you can see, 700 is recommended (but not necessary).

             Contains the private key for authentication.  These files contain 
sensitive data and should be readable by the user but not
             accessible by others (read/write/execute).  ssh will simply ignore 
a private key file if it is accessible by others.  It is
             possible to specify a passphrase when generating the key which 
will be used to encrypt the sensitive part of this file
             using 3DES.

However, identity, id_dsa and id_rsa _must_ be 700 at a maximum. It's best to follow the recommendations from the man page unless you have very specific reasons for needing more lax permissions on these files.

_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Reply via email to