[PLUG] SSH/SCP: Passphrase lost

Kenneth G. Stephens kens at cad2cam.com
Thu Sep 23 20:21:02 UTC 2004


On Thu, 2004-09-23 at 13:43, Elliott Mitchell wrote:
> >From: "Kenneth G. Stephens" <kens at cad2cam.com>
> > You may have to add execute permission for other to your home and .ssh2 
> > directories.  The ssh daemon is still root while it tries to read your
> > key.  It does not change to you, the user, until after the key is checked.
> 
> You need to go back to the Unix basics class. Think about the
> implications of what you said...   Changing the permissions is absolutely
> unneeded.
> 
> If you then go and read about security, and in particular SSH; you'll
> learn that having the .ssh directories be only readable/executable by you
> IS THE STANDARD CONFIGURATION AS OTHERWISE IT IS NOT SECURE!!!
> 
> 
> -- 
> (\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
>  \   (    |         EHeM at gremlin.m5p.com PGP 8881EF59         |    )   /
>   \_  \   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
>     \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/
> 
Please notice that I did not say to open the permissions any more than to
let the ssh daemon running as root see the keys it needs to see.  Do not
add other's read or write permissions to the home directory.  If root
cannot read your keys, you will never get logged in with them.

Ken
CAD2CAM.COM




