Chris Rees wrote:


Although I think it's not a big deal, as long as your id_?sa has
permissions 600 like mine, or even 400.

Chris


The man page for ssh(1) provides a lot of detail about the sensitivity of the various files related to ssh. To quote it regarding a few of them:

     ~/.ssh/
             This directory is the default location for all user-specific 
configuration and authentication information.  There is no
             general requirement to keep the entire contents of this directory 
secret, but the recommended permissions are
             read/write/execute for the user, and not accessible by others.

So as you can see, 700 is recommended (but not necessary).

     ~/.ssh/identity
     ~/.ssh/id_dsa
     ~/.ssh/id_rsa
             Contains the private key for authentication.  These files contain 
sensitive data and should be readable by the user but not
             accessible by others (read/write/execute).  ssh will simply ignore 
a private key file if it is accessible by others.  It is
             possible to specify a passphrase when generating the key which 
will be used to encrypt the sensitive part of this file
             using 3DES.

However, identity, id_dsa and id_rsa _must_ be 700 at a maximum. It's best to follow the recommendations from the man page unless you have very specific reasons for needing more lax permissions on these files.

Regards,
Brent
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to