[PLUG] Re-doing ssh key phrase and key type
David
dafr+plug at dafr.us
Wed Nov 2 17:34:44 UTC 2016
On 11/02/2016 10:28 AM, Rich Shepard wrote:
> On Wed, 2 Nov 2016, Smith, Cathy wrote:
>
>> I think 600 will also work on the .ssh directory.
>
> Cathy,
>
> As there are no executable files or sub-directories there I thought 600
> was the most restrictive.
No, 0600 is too restrictive for .ssh. You must have the executable flag
on the .ssh directory so that the processes may traverse down into that
directory to access the public keys and config file. Else you are forced
to use password authentication.
Mode 0600 is required for the files within .ssh, however. (Or at least
most of them.)
dafr
More information about the PLUG
mailing list