Chris Rees wrote:
Although I think it's not a big deal, as long as your id_?sa has permissions 600 like mine, or even 400. Chris
The man page for ssh(1) provides a lot of detail about the sensitivity of the various files related to ssh. To quote it regarding a few of them:
~/.ssh/ This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others.
So as you can see, 700 is recommended (but not necessary).
~/.ssh/identity ~/.ssh/id_dsa ~/.ssh/id_rsa Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using 3DES.
However, identity, id_dsa and id_rsa _must_ be 700 at a maximum. It's best to follow the recommendations from the man page unless you have very specific reasons for needing more lax permissions on these files.
Regards, Brent _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"