On 03 Nov 2009 09:36:12 -0800, Mathew D. Watson wrote:
>
> Mike Schuh wrote:
>> Does the ~user/.ssh directory (or its contents) need a specific
>> mode?
>
> I had a similar problem with ssh. Permissions matter. Things started
> working after I did the following.
Permissions are usually the key problem.
>
> From my notes, on the machine running sshd, as a regular user, ...
>
> $ chmod 700 ~/.ssh
> $ cat id_rsa.pub > ~/.ssh/authorized_keys
> $ chmod 600 ~/.ssh/authorized_keys
>
> where id_rsa.pub was created earlier using
> $ ssh-keygen -t rsa -b 4096
>
> Mat
>
The modes problem is or ought to be an SSH FAQ. I'm a bit hyper about
this. I go to the extreme of starting a new shell/terminal and doing

    umask 077
    chmod go-w $HOME
    chmod -R go-rwx $HOME/.ssh

before doing any ssh-related operations.

Remember this little key:

On Remote Host
    ~/.ssh/authorized_keys
        Equivalent to ~/.rhosts with rsh.
        Gives permission based on public keys for other hosts to
        access this one.

On Local Host
    ~/.ssh/config
        Set up your stanzas in order from specific to general.
        The first setting found in a matching stanza will be used.
        You probably want to put this in your last stanza:
            Host *
                Protocol 2
    ~/.ssh/id_rsa{,.pub}
        Private/Public key pair. I like to build mine with
            ssh-keygen -t rsa -b 4096
        Copy id_rsa.pub to the Remote Host's authorized_keys file:
            cat id_rsa.pub | ssh remotehost \
                "umask 077; \
                 cd .ssh && \
                 cat >> authorized_keys"

Ted
--
Frango ut patefaciam -- I break so that I may reveal
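
Added example, not part of the original posts: a POSIX sh function that audits the modes this thread is about, failing on group/other write to the home directory, ~/.ssh or authorized_keys (what sshd rejects with StrictModes on) and on private keys with any group/other access, and warning where ~/.ssh falls short of the stricter go-rwx policy above. The function names are made up for this example, and ownership is not checked.

```sh
#!/bin/sh
# Added example (not from the thread): audit the modes the posts above rely on.
# check_ssh_modes HOME_DIR  -> prints findings, returns 1 if any FAIL was found.

# True if the path has any of the listed permission bits set (octal, e.g. 020 002).
has_perm() {
    _path=$1; shift
    for _bits in "$@"; do
        [ -n "$(find -H "$_path" -prune -perm "-$_bits" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

check_ssh_modes() {
    home=$1; rc=0
    # What sshd refuses: group/other write on $HOME, ~/.ssh or authorized_keys.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_perm "$p" 020 002; then
            echo "FAIL $p: group/other writable (fix: chmod go-w)"; rc=1
        fi
    done
    # What the ssh client refuses: a private key with any group/other access.
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        if has_perm "$k" 040 020 010 004 002 001; then
            echo "FAIL $k: private key open to group/other (fix: chmod 600)"; rc=1
        fi
    done
    # Stricter policy from the post above (chmod -R go-rwx ~/.ssh): warn only.
    if [ -d "$home/.ssh" ]; then
        find "$home/.ssh" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
        while IFS= read -r f; do
            echo "WARN $f: group/other access (fix: chmod go-rwx)"
        done
    fi
    return "$rc"
}
```

Source the file and run `check_ssh_modes "$HOME"` on the machine running sshd; a path can show up as both FAIL and WARN when it breaks both rules.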