Kyle R. Burton on 2 May 2008 12:17:49 -0700



Re: [PLUG] ssh key based authentication


>  > A couple of people suggested permissions being too lax.  The
>  > permissions on the sprint user's homedir were 777.  I changed them to
>  > 755 and it works now.
>
>  That has nailed me a few times too.  I get focused on ~/.ssh perms and
>  forget about ~/ perms. :-(  But there is a way (StrictModes) to turn
>  that checking off in the sshd config.  I am not saying that's a GOOD
>  idea, but sometimes you have to have a home dir with loose permissions.

Er, isn't that setting things up so any other user could 'break' into
the account via ssh?

If $HOME is 777, then another user on the same host can create the
.ssh directory and put whatever key they want in it.

If $HOME is 777 and .ssh already exists, a non-owner of that home can
rename the .ssh directory and put in whatever keys, files, configs
they want.

Doesn't having a 777 home and an sshd that allows pub/private keys to
be used basically allow any user with file system access (are the
homes mounted from somewhere else?) the ability to become the other
user?

I could be missing something, but a 777 $HOME should be a no-no.

Kyle
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
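
An added example, not part of the original message: a Python sketch that approximates the ownership and write-bit check sshd's StrictModes applies from `authorized_keys` up to the home directory, run here against a constructed temporary home named `sprint` as in the thread. The function names and the exact rule (owner must be the user or root, no group/world write bit) are assumptions of this sketch, not sshd's own code.

```python
import os
import stat
import tempfile


def strictmodes_findings(home, uid, key_rel=".ssh/authorized_keys"):
    """List ownership/permission problems from the key file up to home."""
    findings = []
    home = os.path.realpath(home)
    path = os.path.join(home, key_rel)
    while True:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            st = None  # missing component; its parents are still checked
        if st is not None:
            if st.st_uid not in (0, uid):
                findings.append(f"{path}: owned by uid {st.st_uid}, "
                                f"expected {uid} or root")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.S_IMODE(st.st_mode)
                findings.append(f"{path}: mode {mode:04o} is "
                                "group/world-writable")
        if path == home:
            break
        path = os.path.dirname(path)
    return findings


def demo():
    """Build a constructed home, check it at 777 and again at 755."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "sprint")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        os.chmod(ssh_dir, 0o700)
        keys = os.path.join(ssh_dir, "authorized_keys")
        open(keys, "w").close()
        os.chmod(keys, 0o600)
        os.chmod(home, 0o777)   # the loose setting from the thread
        loose = strictmodes_findings(home, uid)
        os.chmod(home, 0o755)   # the fix reported in the thread
        fixed = strictmodes_findings(home, uid)
    return loose, fixed


if __name__ == "__main__":
    for label, result in zip(("777", "755"), demo()):
        print(label, result or "no findings")
```

Correct `~/.ssh` permissions do not help when `$HOME` itself is writable by others, which is why the walk continues up to the home directory.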