Chris Rees wrote:

Although I think it's not a big deal, as long as your id_?sa has
permissions 600 like mine, or even 400.

Chris


The man page for ssh(1) provides a lot of detail about the sensitivity of the various files related to ssh. To quote it regarding a few of them:

     ~/.ssh/
             This directory is the default location for all user-specific
             configuration and authentication information.  There is no
             general requirement to keep the entire contents of this
             directory secret, but the recommended permissions are
             read/write/execute for the user, and not accessible by others.

So as you can see, 700 is recommended (but not necessary).

     ~/.ssh/identity
     ~/.ssh/id_dsa
     ~/.ssh/id_rsa
             Contains the private key for authentication.  These files
             contain sensitive data and should be readable by the user but
             not accessible by others (read/write/execute).  ssh will simply
             ignore a private key file if it is accessible by others.  It is
             possible to specify a passphrase when generating the key which
             will be used to encrypt the sensitive part of this file
             using 3DES.

However, identity, id_dsa and id_rsa _must_ be 700 at a maximum. It's best to follow the recommendations from the man page unless you have very specific reasons for needing more lax permissions on these files.

Regards,
Brent
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
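
Added example, not part of the original message: a small audit of the permissions discussed above, flagging a `~/.ssh`-style directory and the private key files named in the man page excerpt when any group/other bit is set. The function names, the `077` mask used to express "accessible by others", and the scratch directory with placeholder files are assumptions made for this illustration.

```python
import os
import stat
import tempfile

# Private key file names listed in the quoted ssh(1) excerpt.
PRIVATE_KEYS = ("identity", "id_dsa", "id_rsa")
GROUP_OTHER = 0o077  # assumption: "accessible by others" = any group/other bit


def audit_ssh_dir(ssh_dir):
    """Return [(path, octal mode, note)] for entries with group/other access."""
    findings = []
    mode = stat.S_IMODE(os.stat(ssh_dir).st_mode)
    if mode & GROUP_OTHER:
        # Directory: 700 is the recommendation, not a hard requirement.
        findings.append((ssh_dir, format(mode, "03o"), "recommended: 700"))
    for name in PRIVATE_KEYS:
        path = os.path.join(ssh_dir, name)
        if not os.path.isfile(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & GROUP_OTHER:
            # Private key: per the man page, ssh ignores the file in this state.
            findings.append((path, format(mode, "03o"), "key ignored by ssh"))
    return findings


def build_sample_dir():
    """Constructed sample: a scratch directory standing in for ~/.ssh."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o755)
    for name, mode in (("id_rsa", 0o644), ("id_dsa", 0o600)):
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(path, mode)
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for path, mode, note in audit_ssh_dir(sample):
        print(f"{mode} {path}: {note}")
```

Point `audit_ssh_dir` at `os.path.expanduser("~/.ssh")` to check a real account; an empty list means neither the directory nor any of the listed keys is accessible by group or other.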
