>>>>> "AC" == Alexei Chetroi <[EMAIL PROTECTED]> writes:

AC>   Have you run this command locally as root user or as openca user? Make
AC> sure /var/www/.ssh/known_hosts actually contains RA host key and is
AC> readable by openca process, e.g. have root:openca perms and 0640 access
AC> mode.

Hmm, at my installation the ssh command is issued by the Web server
and not by the openca process. I.e., it suffices that the files are
readable by wwwrun (or whatever the Web server account is named
today).

That said, what I usually do for batch users: I use a completely
different owner for home directory, .ssh directories and files. (Well,
the private key is owned by that user and chmod 400.) Then break-ins
into that batch account cannot change the ssh keys or configuration so
easily. Of course, then .ssh must be 555.

Cheers,
        Joachim

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod                          Email: [EMAIL PROTECTED]
Roedermark, Germany

_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
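
The ownership layout described in the message above can be checked mechanically. The following is an added example, not part of the original message or of OpenCA: the function name `audit_batch_ssh` and the key file name `id_rsa` are assumptions, and treating group-writable files as writable by the batch account is also an assumption.

```python
import os
import stat
import sys

def audit_batch_ssh(home, batch_uid, key_name="id_rsa"):
    """Return findings where the layout from the message is not met.

    Expected: home, .ssh and its files are owned by someone other than the
    batch user; .ssh is mode 0555; the private key alone is owned by the
    batch user and is mode 0400.
    """
    findings = []
    ssh_dir = os.path.join(home, ".ssh")

    def check(path, batch_owned, exact_mode=None):
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        mode = stat.S_IMODE(st.st_mode)
        if batch_owned and st.st_uid != batch_uid:
            findings.append(f"{path}: not owned by the batch user")
        if not batch_owned and st.st_uid == batch_uid:
            # An owner can always chmod the file back to writable.
            findings.append(f"{path}: owned by the batch user")
        if exact_mode is not None and mode != exact_mode:
            findings.append(f"{path}: mode {mode:04o}, expected {exact_mode:04o}")
        elif exact_mode is None and mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Assumption: group write may include the batch account.
            findings.append(f"{path}: group/world writable ({mode:04o})")

    check(home, batch_owned=False)
    check(ssh_dir, batch_owned=False, exact_mode=0o555)
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        if name == key_name:
            check(path, batch_owned=True, exact_mode=0o400)
        else:
            check(path, batch_owned=False)
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py <batch-user> <home-directory>")
    import pwd
    uid = pwd.getpwnam(sys.argv[1]).pw_uid
    for finding in audit_batch_ssh(sys.argv[2], uid):
        print(finding)
```

An empty result means the batch account can read its key and configuration but cannot rewrite `known_hosts`, `authorized_keys` or `config`.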