On Wed, 3 Sep 2014 09:09:39 -0400
wor...@alum.mit.edu (Dale R. Worley) wrote:

> > Key-based SSH authentication usually enforces security by requiring 
> > restricted rights on the involved files. To prevent SSH from
> > refusing to work, type this:
> > 
> > $ chmod -R go= ~/.ssh
> > -----------------------
> I don't know exactly what causes your issue, and I am not an expert in
> SSH.  But I do know that the SSH server daemon enforces certain
> restrictions on the permissions of the files in ~user/.ssh.  For
> security it is important that no-one other than the user can read any
> of the private key files.  Similarly, it is important that no-one
> other than the user can modify any of the files in .ssh.  When a
> client tries to authenticate as the user, the SSH daemon verifies that
> the files in ~user/.ssh meet these requirements, and if they do not,
> the daemon refuses the connection.

You're absolutely correct.  One more point is that ~/.ssh on a server
also typically contains a file named "authorized_keys" which is crucial
for functioning of the pubkey-based authentication: this file contains
fingerprints of the keys the account trusts to authenticate remote
parties as the owner of this account and authorize them as such.
Obviously, no one but the account's owner must have write access to
this file, and this is also checked by the server.

Directory/file insecurities related to SSH on the server are typically
logged appropriately (on a stock Debian-based system that will
be /var/log/auth.log).

You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to