From here: http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1
<quote>
*~/.ssh/*
This directory is the default location for all user-specific
configuration and authentication information. There is no
general requirement to keep the entire contents of this directory
secret, but the recommended permissions are read/write/execute
for the user, and not accessible by others.
</quote>
On Tue, Sep 24, 2013 at 3:42 PM, John McKown
<[email protected]> wrote:
> I use the latter. In most systems, the ssh process will refuse to execute
> if the modes on the ~/.ssh directory and the files therein were not set up
> properly. In my case, properly meant "only accessible by the user". I.e.
> 700 for ~/.ssh and 600 for all files within it. Since the local ssh does
> not access the *.pub files, they can be 644.
>
>
> On Tue, Sep 24, 2013 at 3:38 PM, Paul Gilmartin <[email protected]> wrote:
>
>> On Tue, 24 Sep 2013 13:19:20 -0500, Kirk Wolf wrote:
>> >
>> >No, the sys admin can collect host public keys and put them in
>> >/etc/ssh/known_hosts for all users.
>> >
>> /etc/ssh/ssh_known_hosts?
>>
>> >This is the preferred method, and best practice would be to manage these
>> >enterprise wide and then automatically publish to all ssh client machines.
>> >
>> While we're here, what permissions do you recommend for ~/.ssh, etc.?
>>
>> I have:
>> total 66
>> drwx--x--x 2 user 513 512 Sep 23 15:02 .
>> drwx--x--x 87 user 513 12288 Sep 24 14:27 ..
>> -rw------- 1 user 513 230 Aug 10 2012 authorized_keys
>> -rw------- 1 user 513 67 Aug 10 2012 environment
>> -rw------- 1 user 513 887 Jun 23 2008 id_rsa
>> -rw-r--r-- 1 user 513 230 Aug 10 2012 id_rsa.pub
>> -rw------- 1 user 513 14917 Sep 23 14:28 known_hosts
>> -rw------- 1 user 513 1024 Sep 23 15:02 prng_seed
>>
>> others recommend, perhaps phobically:
>>
>> total 66
>> drwx------ 2 user 513 512 Sep 23 15:02 .
>> drwx--x--x 87 user 513 12288 Sep 24 14:27 ..
>> -rw------- 1 user 513 230 Aug 10 2012 authorized_keys
>> -rw------- 1 user 513 67 Aug 10 2012 environment
>> -rw------- 1 user 513 887 Jun 23 2008 id_rsa
>> -rw------- 1 user 513 230 Aug 10 2012 id_rsa.pub
>> -rw------- 1 user 513 14917 Sep 23 14:28 known_hosts
>> -rw------- 1 user 513 1024 Sep 23 15:02 prng_seed
>>
>> -- gil
>>
>> ----------------------------------------------------------------------
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to [email protected] with the message: INFO IBM-MAIN
>>
>
>
>
> --
> 10 to the minus 6th power mouthwashes == 1 Microscope
> (from Slashdot.org)
>
> Maranatha! <><
> John McKown
>
--
10 to the minus 6th power mouthwashes == 1 Microscope
(from Slashdot.org)
Maranatha! <><
John McKown
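
The permission scheme discussed in this thread (700 on ~/.ssh, 600 on the files in it, 644 tolerated for *.pub), written as a small audit script. This is an added example, not part of any message in the thread; `audit_ssh_dir`, `make_sample` and `FIRST_LISTING` are names made up for it, and the sample directory is constructed.

```python
import os
import stat
import tempfile

# Policy from the thread: 700 for ~/.ssh, 600 for its files, 644 tolerated for *.pub.
DIR_MAX, FILE_MAX, PUB_MAX = 0o700, 0o600, 0o644


def audit_ssh_dir(path, uid=None):
    """Return [(name, problem)] for entries looser than the policy; [] is clean."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for name in ["."] + sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        if stat.S_ISLNK(st.st_mode):
            findings.append((name, "symlink: check the target by hand"))
            continue
        if stat.S_ISDIR(st.st_mode):
            allowed = DIR_MAX
        else:
            allowed = PUB_MAX if name.endswith(".pub") else FILE_MAX
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != uid:
            findings.append((name, "owned by uid %d, not %d" % (st.st_uid, uid)))
        if mode & ~allowed:
            findings.append((name, "mode %04o is looser than %04o" % (mode, allowed)))
    return findings


def make_sample(root, modes):
    """Create a constructed ~/.ssh look-alike under root ('.' is the directory)."""
    ssh_dir = os.path.join(root, ".ssh")
    os.mkdir(ssh_dir)
    for name, mode in modes.items():
        if name != ".":
            with open(os.path.join(ssh_dir, name), "w") as fh:
                fh.write("constructed placeholder, not a real key\n")
            os.chmod(os.path.join(ssh_dir, name), mode)
    os.chmod(ssh_dir, modes["."])
    return ssh_dir


# Constructed sample mirroring the first listing in the thread (directory 711).
FIRST_LISTING = {".": 0o711, "authorized_keys": 0o600, "id_rsa": 0o600,
                 "id_rsa.pub": 0o644, "known_hosts": 0o600}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_ssh_dir(make_sample(tmp, FIRST_LISTING)))
```

Run against a real account with `audit_ssh_dir(os.path.expanduser("~/.ssh"))`; subdirectories are checked against the directory limit but not descended into.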