Hi All,

I have a desktop box which I am starting to use as a LAN server.  I created a 
new user and noticed that:

a) The new user is asked to log in with passwd as opposed to pubkey.  This is 
surprising as (I thought) that I had set up sshd_config to allow pubkey 
authentication only - need to check this again when I get home.  Other than a 
misconfigured sshd_config could it be anything else that causes this?

b) Once logged in via sftp the new user can read and access other users' files.  
This is because the default permission setting for /home/%u/ is 0644 
(rw-r--r--).  Is there a clever way of tightening this down without messing 
up all home file and directory permissions indiscriminately?

I understand that there are many ways to skin a cat - in this case to contain 
somewhat what a plain user can and cannot do when they log in via sftp.  Some 
ideas that I have come across are to use a limited shell like rssh, use an ssh 
chroot, modify the umask for user directories.

I am interested to find out what you might have tried and what you would 
recommend.
-- 
Regards,
Mick
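
For point (a), one way to check which password-style logins a config still permits. This is an added example, not part of the original message; it assumes a single sshd_config with no Include files, and the function names and the sample config (including the user name newuser) are constructed.

```sh
#!/bin/sh
# Added example: list the password-style login paths an sshd_config leaves open.
# Assumes a single file (no Include); OpenSSH uses the FIRST value of a keyword.

sshd_password_settings() {   # reads config from file arguments or stdin
    awk '
    BEGIN {   # values that apply when a keyword is never set (sshd_config(5))
        val["passwordauthentication"] = "yes (default)"
        val["kbdinteractiveauthentication"] = "yes (default)"
        scope = "global"
    }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next
        split($0, f, /[ \t=]+/)              # "Key value" or "Key=value"
        key = tolower(f[1]); v = tolower(f[2])
        if (key == "match") { scope = $0; next }   # block runs to next Match/EOF
        # Deprecated alias; with UsePAM this method shows a "Password:" prompt.
        if (key == "challengeresponseauthentication") key = "kbdinteractiveauthentication"
        if (!(key in val)) next
        if (scope == "global") {
            if (!(key in seen)) { seen[key] = 1; val[key] = v }  # first wins
        } else if (!((scope, key) in seen)) {     # Match blocks override global
            seen[scope, key] = 1; extra[++n] = scope ": " key " " v
        }
    }
    END {
        print "global: passwordauthentication " val["passwordauthentication"]
        print "global: kbdinteractiveauthentication " val["kbdinteractiveauthentication"]
        for (i = 1; i <= n; i++) print extra[i]
    }' "$@"
}

# Succeeds (exit 0) if any scope still allows a password-style prompt.
password_login_possible() {
    sshd_password_settings "$@" | grep -Eq ' yes( \(default\))?$'
}

sample_config() {   # constructed sample, not taken from the original message
    cat <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match User newuser
    PasswordAuthentication yes
EOF
}

sample_config | sshd_password_settings
```

On a running host, `sshd -T` prints the effective settings as sshd itself resolves them.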
