JP Vossen on 3 May 2008 13:15:10 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ssh key based authentication

> Date: Fri, 2 May 2008 15:17:33 -0400
> From: "Kyle R. Burton" <>
>>> A couple of people suggested permissions being too lax.  The
>>> permissions on the sprint user's homedir were 777.  I changed them to
>>> 755 and it works now.
>>  That has nailed me a few times too.  I get focused on ~/.ssh perms and
>>  forget about ~/ perms. :-(  But there is a way (StrictModes) to turn
>>  that checking off in the sshd config.  I am not saying that's a GOOD
>>  idea, but sometimes you have to have a home dir with loose permissions.
> Er, isn't that setting things up so any other user could 'break' into
> the account via ssh?
> If $HOME is 777, then another user on the same host can create the
> .ssh directory and put whatever key they want in it.

Yes, 0777 is a Bad Idea.  I was just talking about in general, it might 
be necessary or useful to have slightly looser permissions than SSH 
likes.  And note the part about "I am not saying that's a GOOD idea"... :-)

But thanks for calling me on this, it's a good thing to clarify!

> I could be missing something, but a 777 $HOME should be a no-no.


JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --