[ale] ssh authorized_keys2, what am I missing?

Bob Toxen bob at verysecurelinux.com
Thu Jun 9 13:18:09 EDT 2005


On Wed, Jun 08, 2005 at 01:33:41PM -0400, Michael H. Warfield wrote:
> On Wed, 2005-06-08 at 13:13 -0400, Grant Robertson wrote:
> > Just checked.. it was set to 700, now 500, same issue. I should have
> > mentioned that.

> Make sure you check your entire path.  Had an incident a couple of
> years back where it failed because some moron had / mode 775 (755 was
> sufficient).

Yes, OpenSSH will fail without a good explanation if anyone other than
the owner of the file can read or write the private key or has write
permission to any directory leading to it (because having directory
write permission would allow one to replace the valid private key).

On the version of OpenSSH that comes with RH9 (what a client requires
currently when I teach my Linux Security class), ssh-keygen creates the 
keys mode 660 so using the keys automatically fails.  Clever.

> 	Mike

Bob Toxen

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002

> > -G

> > On 6/8/05, Joe Sechman <joe.sechman at gmail.com> wrote:
> > > make sure you have 500 permissions on the ~/.ssh directory as well....
> > > --
> > > Joe Sechman, CISSP | RHCE
> -- 
>  Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com  
>   /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
>   NIC whois:  MHW9      |  An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
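
The two conditions named in this thread (group/other access on the key file, and group/other write permission on any directory leading to it) can be audited in one pass. This is an added example, not part of the original posts and not OpenSSH's own logic; `audit_key_path` and its optional stop-directory argument are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example (not OpenSSH code). Usage: audit_key_path FILE [STOP_DIR]
# Prints one line per finding; returns 0 if clean, 1 if anything was flagged.
audit_key_path() {
    file=$1
    stop=${2:-/}    # assumption: walk all the way up to / unless told otherwise
    bad=0

    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # The key file itself: no permission bits at all for group or other.
    perms=$(ls -ld -- "$file" | cut -c1-10)
    case $perms in
        ????------) ;;
        *) echo "FILE $perms $file (group/other access; chmod 600)"; bad=1 ;;
    esac

    # Every directory leading to it: no write bit for group or other,
    # since directory write permission lets someone replace the file.
    dir=$(cd -- "$(dirname -- "$file")" && pwd -P) || return 1
    stop=$(cd -- "$stop" && pwd -P) || return 1
    while :; do
        perms=$(ls -ld -- "$dir" | cut -c1-10)
        case $perms in
            ?????w*|????????w*)
                echo "DIR  $perms $dir (group/other writable; chmod go-w)"
                bad=1 ;;
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    return $bad
}
```

For example, `audit_key_path ~/.ssh/id_rsa` walks from `~/.ssh` up to `/` and lists every component that needs tightening.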


