On 10 Feb 1999, in message <>
George McConnell <[EMAIL PROTECTED]> wrote:
| >is there an option to disable the permission check for the target users
| >$HOME directory?
Not that I can see (glancing through the ssh1 manual). You _could_ make
root's home something like /root with suitable permissions. BTW, _why_
is your / dir group writable?
| >What I want to do is to login with RSA-Authentication as root where root's
| >homedir is / with the following permissions:
| > drwxrwxr-x 26 root sys 1024 Feb 10 10:12 /
| >Feb 10 12:59:01 sshd[13573]: log: Rsa authentication refused for root: bad
| >modes for /
|
| the $HOME directory should be not be world writable.
It shouldn't be group writable either (which is his actual problem);
group write permits more than the user to rename things, which permits
moving the real .ssh aside and putting in another.
| also, check the permissions on the ssh directory ($HOME/.ssh). the
| permissions on the directory should be 700.
Um, no. They can happily be 755, and only the identity and random_seed files
need user-only read access.
Cheers,
--
Cameron Simpson, DoD#743 [EMAIL PROTECTED] http://www.zip.com.au/~cs/
Try being nothing but bored for 4 hours straight, and then tell me that
there's no fear involved. - [EMAIL PROTECTED] (Dave Hayes)
