On Tue, 24 Sep 2013 13:19:20 -0500, Kirk Wolf wrote:
>
>No, the sys admin can collect host public keys and put them in
>/etc/ssh/known_hosts for all users.
>
/etc/ssh/ssh_known_hosts?

>This is the preferred method, and best practice would be to manage these
>enterprise wide and then automatically publish to all ssh client machines.
>
While we're here, what permissions do you recommend for ~/.ssh, etc.?  I have:

    total 66
    drwx--x--x   2 user  513    512 Sep 23 15:02 .
    drwx--x--x  87 user  513  12288 Sep 24 14:27 ..
    -rw-------   1 user  513    230 Aug 10  2012 authorized_keys
    -rw-------   1 user  513     67 Aug 10  2012 environment
    -rw-------   1 user  513    887 Jun 23  2008 id_rsa
    -rw-r--r--   1 user  513    230 Aug 10  2012 id_rsa.pub
    -rw-------   1 user  513  14917 Sep 23 14:28 known_hosts
    -rw-------   1 user  513   1024 Sep 23 15:02 prng_seed

others recommend, perhaps phobically:

    total 66
    drwx------   2 user  513    512 Sep 23 15:02 .
    drwx--x--x  87 user  513  12288 Sep 24 14:27 ..
    -rw-------   1 user  513    230 Aug 10  2012 authorized_keys
    -rw-------   1 user  513     67 Aug 10  2012 environment
    -rw-------   1 user  513    887 Jun 23  2008 id_rsa
    -rw-------   1 user  513    230 Aug 10  2012 id_rsa.pub
    -rw-------   1 user  513  14917 Sep 23 14:28 known_hosts
    -rw-------   1 user  513   1024 Sep 23 15:02 prng_seed

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
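
An added example, not part of the original message: a small Python audit that parses the mode column of the two listings above, reports where they differ, and tests each against two checks OpenSSH itself applies. The rule set is an assumption of this example: sshd with StrictModes rejects a home directory, ~/.ssh or authorized_keys that is writable by group or other, and the ssh client refuses a private key that carries any group or other permission bit.

```python
# Mode and name columns of the two listings quoted in the message above.
CURRENT = """\
drwx--x--x .
drwx--x--x ..
-rw------- authorized_keys
-rw------- environment
-rw------- id_rsa
-rw-r--r-- id_rsa.pub
-rw------- known_hosts
-rw------- prng_seed"""
STRICTER = CURRENT.replace("drwx--x--x .\n", "drwx------ .\n").replace(
    "-rw-r--r-- id_rsa.pub", "-rw------- id_rsa.pub")

# Assumed rule set (see lead-in): entries covered by sshd StrictModes,
# and private key files checked by the ssh client.
NO_GROUP_OTHER_WRITE = {".", "..", "authorized_keys"}
PRIVATE_KEYS = {"id_rsa"}

def mode_bits(text):
    """Convert an ls-style string such as 'drwx--x--x' to permission bits."""
    if len(text) != 10 or any(ch not in "-rwx" for ch in text[1:]):
        raise ValueError(f"unsupported ls mode string: {text!r}")
    bits = 0
    for i, ch in enumerate(text[1:]):
        if ch != "-":
            bits |= 1 << (8 - i)
    return bits

def parse(listing):
    """Map each file name in a 'mode name' listing to its permission bits."""
    return {name: mode_bits(mode) for mode, name in
            (line.split(None, 1) for line in listing.splitlines())}

def audit(listing):
    """Return findings for entries that would fail the assumed checks."""
    findings = []
    for name, bits in parse(listing).items():
        if name in NO_GROUP_OTHER_WRITE and bits & 0o022:
            findings.append(f"{name}: writable by group/other ({bits:04o})")
        if name in PRIVATE_KEYS and bits & 0o077:
            findings.append(f"{name}: private key open beyond owner ({bits:04o})")
    return findings

def differences(a, b):
    """Return {name: (mode_in_a, mode_in_b)} for entries whose modes differ."""
    pa, pb = parse(a), parse(b)
    return {n: (f"{pa[n]:04o}", f"{pb[n]:04o}") for n in pa if pa[n] != pb[n]}

if __name__ == "__main__":
    print("differences:", differences(CURRENT, STRICTER))
    print("current:", audit(CURRENT) or "passes", "| stricter:", audit(STRICTER) or "passes")
```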
