On Mon, 11 Nov 2002, Harig, Mark A. wrote:

> > >     chmod 700 ~ && \
> >       ^^^^^^^^^^^
> > This is your problem.  By setting home and .ssh to 700 you
> > disallow sshd to stat() ~/.ssh.  Cygwin has two chances to retrieve
> > information about a file or directory, by either calling
> > FindFileFirst() or by trying to open the file and calling various
> > Win32 access functions.
> >
> > FindFileFirst() requires to have read permissions on the parent
> > directory, opening the file/dir requires read permissions on it.
> > If home as well as .ssh are 700, sshd has neither of these
> > rights ==> The check for .ssh fails.
>
> OK.  So, it appears that Cygwin users
> of openssh have one of two options:
>
>   1. chmod 700 ~
>      chgrp 18 ~/.ssh
>      chmod 750 ~/.ssh
>
> or
>
>   2. chmod 755 ~
>      chmod 700 ~/.ssh
>
> Do you have a recommendation on which of
> these two options is more secure?

According to what I remember about Unix permissions, 'chmod 711 ~' should
suffice.  This will allow anyone to access a subdirectory of your $HOME *if
they know the exact path*.  Same with ~/.ssh.  You can then make
authorized_keys world-readable without exposing the rest of your home
directory.
	Igor
-- 
http://cs.nyu.edu/~pechtcha/
Igor Pechtchanski
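
The sketch below is an added example, not part of the original messages. It compares the layouts discussed in the thread by what an account that is neither the owner nor in the group could do under plain Unix permission rules. The function names (other_digit, exposure, demo) are hypothetical, the directory layout is constructed in a temporary directory, and GNU stat is assumed; Cygwin's Win32 checks and the group-18 grant in option 1 are not modelled.

```shell
# Added example, not from the thread. Assumes GNU stat (coreutils).

# other_digit PATH: print the permission digit (0-7) that applies to "other".
other_digit() (
    mode=$(stat -c '%a' "$1") || exit 1
    echo $(( mode % 10 ))   # %a prints octal digits; the last one is "other"
)

# exposure HOME_DIR: report what an account that is neither the owner nor in
# the group can do, using plain Unix rules (r on a directory = list it,
# x on a directory = reach entries beneath it by exact path).
exposure() (
    h=$(other_digit "$1") || exit 1
    s=$(other_digit "$1/.ssh") || exit 1
    k=$(other_digit "$1/.ssh/authorized_keys") || exit 1
    list_home=no; list_ssh=no; read_keys=no
    if [ $(( h & 4 )) -ne 0 ]; then list_home=yes; fi
    if [ $(( h & 1 )) -ne 0 ]; then
        if [ $(( s & 4 )) -ne 0 ]; then list_ssh=yes; fi
        if [ $(( s & 1 )) -ne 0 ] && [ $(( k & 4 )) -ne 0 ]; then
            read_keys=yes
        fi
    fi
    echo "list_home=$list_home list_ssh=$list_ssh read_keys=$read_keys"
)

# demo HOME_MODE SSH_MODE KEYS_MODE: build a constructed layout in a temporary
# directory, apply the modes, print the report, and clean up.
demo() (
    d=$(mktemp -d) || exit 1
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys" || exit 1
    chmod "$3" "$d/.ssh/authorized_keys"
    chmod "$2" "$d/.ssh"
    chmod "$1" "$d"
    exposure "$d"
    rm -rf "$d"
)

demo 700 750 600   # option 1 (the group-18 grant is outside this model)
demo 755 700 600   # option 2
demo 711 711 644   # 711 on ~ and ~/.ssh, world-readable authorized_keys
```

Running exposure "$HOME" applies the same report to a real account.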