[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]








 "http://www.w3.org/TR/html4/loose.dtd">

<li>date: Thu Jun 9 13:18:09 2005</li>
<li>from: bob at verysecurelinux.com (Bob Toxen)</li>
<li>in-reply-to: <[email protected]></li>
<li>references: <<a href="msg00360.html">[email protected]</a>> <<a href="msg00361.html">[email protected]</a>> <<a href="msg00362.html">[email protected]</a>> <[email protected]></li>
<li>subject: [ale] ssh authorized_keys2, what am I missing?</li>

&gt; 	Make sure you check your entire path.  Had an incident a couple of
&gt; years back where it failed because some moron had / mode 775 (755 was
&gt; sufficient).
Yes, OpenSSH will fail without a good explanation if anyone other than
the owner of the file can read or write the private key or has write
permission to any directory leading to it (because having directory
write permission would allow one to replace the valid private key).

On the version of OpenSSH that comes with RH9 (what a client requires
currently when I teach my Linux Security class), ssh-keygen creates the 
keys mode 660 so using the keys automatically fails.  Clever.

&gt; 	Mike

Bob Toxen

&quot;Microsoft: Unsafe at any clock speed!&quot;
   -- Bob Toxen 10/03/2002

&gt; &gt; -G

&gt; &gt; On 6/8/05, Joe Sechman &lt;joe.sechman at gmail.com&gt; wrote:
&gt; &gt; &gt; make sure you have 500 permissions on the ~/.ssh directory as well....
&gt; &gt; &gt; --
&gt; &gt; &gt; Joe Sechman, CISSP | RHCE
&gt; -- 
&gt;  Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com  
&gt;   /\/\|=mhw=|\/\/       |  (678) 463-0932   |  <a  rel="nofollow" href="http://www.wittsend.com/mhw/";>http://www.wittsend.com/mhw/</a>
&gt;   NIC whois:  MHW9      |  An optimist believes we live in the best of all
&gt;  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00428" href="msg00428.html">[ale] ssh authorized_keys2, what am I missing?</a></strong>
<ul><li><em>From:</em> mdhirsch at gmail.com (Michael Hirsch)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00360" href="msg00360.html">[ale] ssh authorized_keys2, what am I missing?</a></strong>
<ul><li><em>From:</em> f.grant.robertson at gmail.com (Grant Robertson)</li></ul></li>
<li><strong><a name="00361" href="msg00361.html">[ale] ssh authorized_keys2, what am I missing?</a></strong>
<ul><li><em>From:</em> joe.sechman at gmail.com (Joe Sechman)</li></ul></li>
<li><strong><a name="00362" href="msg00362.html">[ale] ssh authorized_keys2, what am I missing?</a></strong>
<ul><li><em>From:</em> f.grant.robertson at gmail.com (Grant Robertson)</li></ul></li>
<li><strong><a name="00369" href="msg00369.html">[ale] ssh authorized_keys2, what am I missing?</a></strong>
<ul><li><em>From:</em> mhw at wittsend.com (Michael H. Warfield)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00422.html">[ale] Connection Speed Testing</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00424.html">[ale] Drive recovery</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00369.html">[ale] ssh authorized_keys2, what am I missing?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00428.html">[ale] ssh authorized_keys2, what am I missing?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00423"><strong>Date</strong></a></li>
<li><a href="threads.html#00423"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>

Prev by Date: [no subject]
Next by Date: [no subject]
Previous by thread: [no subject]
Next by thread: [no subject]
Index(es):
- Date
- Thread