[PLUG] Perms and ownership of ~/.ssh?

Rick rdoyle16+plug at gmail.com
Tue Jan 24 20:53:11 UTC 2012


In my experience, this type of thing usually happens when you do a
recursive chmod on your /home/<yourname> directory (or, just the contents
of the directory). Often times we do such a "chmod -R /home/<yourname>"
because permissions can get messed up via an accidental command (such as a
typo when logged in as root), or due to transfer/restore of
/home/<yourname> from another computer/backup.

Just some thoughts... in case you're trying to figure out how this happened
in the first place.

-Rick


On Tue, Jan 24, 2012 at 12:27 PM, Dale Snell <ddsnell at frontier.com> wrote:

> On Tue, 24 Jan 2012 12:10:38 -0800 (PST)
> Rich Shepard <rshepard at appl-ecosys.com> wrote:
>
> >    My secure log watch summary keeps telling me there's a problem with
> > ownership or permissions on ~/.ssh. Currently it's 755 and owned by
> > me. I've not changed it so I don't know why I'm suddenly getting this
> > error. The exact message is:
> >
> >   Authentication refused:
> >      bad ownership or modes for directory /home/rshepard/.ssh : 6 Time(s)
> >
> >    Since I logged in remotely via ssh 6 times yesterday (from Carson
> > City and Reno), I suppose the authentication messages refer to those
> > connections. But, they went through with no problems.
> >
> >    Can someone explain what the message might be telling me?
> >
> > Rich
>
> I would guess that the permissions for ~/.ssh are probably too
> liberal.  You really don't need it to be world-readable.  The ssh(1)
> man page says about this directory "There is no general requirement to
> keep the entire contents of this directory secret, but the recommended
> permissions are read/write/execute for the user, and not accessible by
> others."
>
> --Dale
>
> --
> A long-forgotten loved one will appear soon.
>
> Buy the negatives at any price.
>
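
A check in the spirit of the one sshd applies when it logs "bad ownership or modes for directory", as an added example that is not part of the original thread. With StrictModes enabled, OpenSSH expects the home directory, ~/.ssh and authorized_keys to be owned by the user (or root) and not writable by group or others. The function names are hypothetical and GNU stat (`stat -c`) is assumed.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode test behind sshd's
# "bad ownership or modes for directory" message (StrictModes).
# Assumption: GNU stat (stat -c), as shipped on Linux.

# check_path PATH UID
# Returns 0 if PATH is owned by UID or root and is not writable by
# group or others; otherwise prints the reason and returns 1.
check_path() {
    path=$1
    want_uid=$2
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    set -- $(stat -c '%a %u' "$path")   # octal mode, numeric owner
    mode=$1
    owner=$2
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "bad owner (uid $owner): $path"
        return 1
    fi
    # Octal 022 = group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group/world writable (mode $mode): $path"
        return 1
    fi
    echo "ok (mode $mode): $path"
}

# audit_ssh_perms HOME_DIR [UID]
# Checks HOME_DIR, HOME_DIR/.ssh and HOME_DIR/.ssh/authorized_keys.
# The return status is the number of paths that failed the check.
audit_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue          # absent paths are skipped
        check_path "$p" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage: audit_ssh_perms "$HOME"
```

A directory at 755 passes this test while 775 or 777 does not, so a recursive chmod that adds group write to the home directory is enough to trigger the message even when ~/.ssh itself looks fine.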
