ssh public key authentication
Smoot Carl-Mitchell
smoot at tic.com
Wed Jan 7 20:49:43 UTC 2009
On Wed, 2009-01-07 at 14:36 -0500, Mark Haney wrote:
> Smoot Carl-Mitchell wrote:
> > On Wed, 2009-01-07 at 11:13 -0500, Mark Haney wrote:
> >
> >> This bites me a lot. Check to make sure the ~/.ssh folder is set to 600
> >> permissions, including all the files in it. If they /aren't/ set to
> >> those permissions, it doesn't matter if the key is there, ssh won't
> >> accept it.
> >
> > The .ssh directory can be readable by group and other and the
> > authorized_keys file can also be readable and public key authentication
> > will work. If those permissions are correct, check the permissions of
> > the directory path which leads to the .ssh directory. All the ancestor
> > directories must only be readable by group and other as well.
>
> Yeah, that's true. However, being the truly paranoid that I am, I just
> set the whole shooting match to 600. But 700 is acceptable for the
> directory itself.
Yep, paranoia can be a good thing. :-) 700 is required for the
directory, since you do want it searchable. e.g. o+rwx.
--
Smoot Carl-Mitchell
System/Network Architect
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
More information about the ubuntu-users
mailing list