[prev in list] [next in list] [prev in thread] [next in thread] 

List:       secure-shell
Subject:    Re: Permissions on .ssh files Please.
From:       Greg Wooledge <wooledg () eeg ! ccf ! org>
Date:       2006-09-26 11:51:02
Message-ID: 20060926115102.GT8933 () eeg ! ccf ! org
[Download RAW message or body]

On Mon, Sep 25, 2006 at 11:02:42PM -0600, Reg Clemens wrote:
> I know I have a listing somewhere that shows what the permissions should be
> on the files in $HOME/.ssh , but cant find it for the life of me.

It's not just that ONE file!

Every single directory in the entire path leading up to ~/.ssh, as well
as the authorized_keys file therein, must NOT have group or world write
permission.

  ls -ld / /home /home/you /home/you/.ssh /home/you/.ssh/authorized_keys

If any one of the directories or the file in the output of that command
have group or world write permission (e.g., drwxrwxr-x) then sshd will
refuse to acknowledge the authorized_keys file.

Many Linux distributions include some sort of group-writable /home
directory.  This is a frequent cause of problems.  People who ONLY
look at ~/.ssh won't understand why their public key auth is failing.
[prev in list] [next in list] [prev in thread] [next in thread]