Re: ~/.ssh directory permissions
Chris Rees wrote:
> Although I think it's not a big deal, as long as your id_?sa has permissions 600 like mine, or even 400.
>
> Chris

The man page for ssh(1) provides a lot of detail about the sensitivity of the various files related to ssh. To quote it regarding a few of them:

    ~/.ssh/
        This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others.

So as you can see, 700 is recommended (but not necessary).

    ~/.ssh/identity
    ~/.ssh/id_dsa
    ~/.ssh/id_rsa
        Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using 3DES.

However, identity, id_dsa and id_rsa _must_ be 700 at a maximum.

It's best to follow the recommendations from the man page unless you have very specific reasons for needing more lax permissions on these files.

Regards,
Brent

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
~/.ssh directory permissions
Looking at my ~/.ssh directory, I see the following permissions:

    -rw-r--r--

Which I understand to be equivalent to 644. I read here

    http://sial.org/howto/openssh/publickey-auth/

that ~/.ssh ought to have permissions 700.

Which is preferable, and why?
Re: ~/.ssh directory permissions
On Tue, Jun 23, 2009 at 10:06:03AM -0400, Daniel Underwood wrote:
> Looking at my ~/.ssh directory, I see the following permissions:
>
>     -rw-r--r--
>
> Which I understand to be equivalent to 644. I read here
>
>     http://sial.org/howto/openssh/publickey-auth/
>
> that ~/.ssh ought to have permissions 700.
>
> Which is preferable, and why?

Well, generically, 700 allows you to do anything you want with the file as owner, but no other id (except root) can touch it in any way - not even look at it.

I don't really know if it would hurt to allow others to read it or not, but in the philosophy of if access is not needed, then don't provide it, I would make it limited to 700. I just looked at mine and it is set to 700.

jerry
Re: ~/.ssh directory permissions
Thanks. Might as well set to 700 then.
Re: ~/.ssh directory permissions
On 23 jun 2009, at 16:06, Daniel Underwood djuatde...@gmail.com wrote:
> Looking at my ~/.ssh directory, I see the following permissions:
>
>     -rw-r--r--
>
> Which I understand to be equivalent to 644. I read here
>
>     http://sial.org/howto/openssh/publickey-auth/
>
> that ~/.ssh ought to have permissions 700.
>
> Which is preferable, and why?

700, your private key(s) go in there.

Peter
Re: ~/.ssh directory permissions
2009/6/23 Peter Boosten pe...@boosten.org:
> On 23 jun 2009, at 16:06, Daniel Underwood djuatde...@gmail.com wrote:
>> Looking at my ~/.ssh directory, I see the following permissions:
>>
>>     -rw-r--r--
>>
>> Which I understand to be equivalent to 644. I read here
>>
>>     http://sial.org/howto/openssh/publickey-auth/
>>
>> that ~/.ssh ought to have permissions 700.
>>
>> Which is preferable, and why?
>
> 700, your private key(s) go in there.

Interesting, I never noticed the 700 permissions on .ssh...

[ch...@amnesiac]~% ls -ld .ssh
drwx------ 2 chris chris 512 Nov 22 2008 .ssh/
[ch...@amnesiac]~% ls -l .ssh
total 18
-rw-r--r-- 1 chris chris 3281 Jan 8 21:21 authorized_keys
-rw------- 1 chris chris 1675 Oct 1 2008 id_rsa
-rw-r--r-- 1 chris chris 409 Oct 1 2008 id_rsa.pub
-rw-r--r-- 1 chris chris 8379 Jun 11 22:01 known_hosts
[ch...@amnesiac]~%

Although I think it's not a big deal, as long as your id_?sa has permissions 600 like mine, or even 400.

Chris

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?
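
The ssh(1) recommendations quoted in this thread (a 700 directory, private keys not accessible by others) can be checked with a short script. This is an added example, not part of any message in the thread; the function names are hypothetical, and it goes beyond the key names in the man page excerpt by recognising private keys from their header line.

```shell
#!/bin/sh
# Added example: audit an ssh directory against the ssh(1) text quoted above.
# go_bits, audit_ssh_dir and demo_audit are hypothetical names.

# Print the group/other part of the mode string, e.g. "r--r--" for 644.
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print one finding per line; print nothing when the directory is clean.
audit_ssh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "MISSING $dir"; return 0; }

    # Recommended: rwx for the user, not accessible by others (700).
    [ "$(go_bits "$dir")" = "------" ] || echo "DIR $dir $(go_bits "$dir")"

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private keys are recognised by their header line, so this also
        # covers key names other than identity, id_dsa and id_rsa.
        head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY' || continue
        # ssh ignores a private key file that is accessible by others.
        [ "$(go_bits "$f")" = "------" ] || echo "KEY $f $(go_bits "$f")"
    done
    return 0
}

# Constructed sample: a throwaway directory, not a real ~/.ssh.
demo_audit() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$d/id_rsa"
    printf '%s\n' 'ssh-rsa constructed-sample user@host' > "$d/id_rsa.pub"
    chmod 644 "$d/id_rsa" "$d/id_rsa.pub"
    echo "before:"; audit_ssh_dir "$d"
    chmod 700 "$d"; chmod 600 "$d/id_rsa"
    echo "after:"; audit_ssh_dir "$d"
    rm -rf "$d"
}

demo_audit
```

Public files such as id_rsa.pub and known_hosts are deliberately not flagged at 644, matching the listing in the thread.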