ssh public key authentication

Smoot Carl-Mitchell smoot at tic.com
Wed Jan 7 20:49:43 UTC 2009


On Wed, 2009-01-07 at 14:36 -0500, Mark Haney wrote:
> Smoot Carl-Mitchell wrote:
> > On Wed, 2009-01-07 at 11:13 -0500, Mark Haney wrote:
> > 
> >> This bites me a lot.  Check to make sure the ~/.ssh folder is set to 600
> >> permissions, including all the files in it.  If they /aren't/ set to
> >> those permissions, it doesn't matter if the key is there, ssh won't
> >> accept it.
> > 
> > The .ssh directory can be readable by group and other and the
> > authorized_keys file can also be readable and public key authentication
> > will work.  If those permissions are correct, check the permissions of
> > the directory path which leads to the .ssh directory.  All the ancestor
> > directories must only be readable by group and other as well.
> 
> Yeah, that's true. However, being the truly paranoid that I am, I just
> set the whole shooting match to 600.  But 700 is acceptable for the
> directory itself.

Yep, paranoia can be a good thing. :-)  700 is required for the
directory, since you do want it searchable. e.g. o+rwx.
-- 
Smoot Carl-Mitchell
System/Network Architect
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
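
The permission rules discussed in this thread, as an added example that is not part of the original message: a POSIX shell function that flags what makes sshd (with StrictModes enabled, the default) ignore authorized_keys, namely the home directory, ~/.ssh or the key file being writable by group or other or owned by another user, plus a directory its owner cannot search. The function names, the output labels and the default key file location are assumptions.

```shell
#!/bin/sh
# Added example, not sshd's own code. Assumes the default key file location
# HOME/.ssh/authorized_keys. Usage: check_ssh_modes "$HOME"

# Report on one path; return 1 if it would stop public key login.
check_path() {
    target=$1 owner=$2
    if [ ! -e "$target" ]; then
        echo "MISSING  $target"
        return 1
    fi
    # A directory its owner cannot search (e.g. mode 600) hides its files.
    if [ -d "$target" ] && [ -z "$(find "$target" -prune -perm -100 -print)" ]; then
        echo "NOSEARCH $target (fix: chmod u+x)"
        return 1
    fi
    # Writable by group or other: another user could replace the key list.
    if [ -n "$(find "$target" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE $target (fix: chmod go-w)"
        return 1
    fi
    # Owner must be the account itself or root.
    if [ -n "$(find "$target" -prune ! -user "$owner" ! -user 0 -print)" ]; then
        echo "OWNER    $target (fix: chown $owner)"
        return 1
    fi
    echo "OK       $target"
}

# Check the home directory, ~/.ssh and authorized_keys for one account.
check_ssh_modes() {
    home=$1 owner=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$owner" || rc=1
    done
    return "$rc"
}
```

Directories above the home directory are not examined here; the second argument is the numeric uid or login name of the account when auditing someone else's home as root.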



