Right: /etc/ssh/ssh_known_hosts

Either way you have the permissions is fine.

Some files can only be readable by the owner or root (like private keys),
and others can only be writable by the owner or root.
In order to satisfy the "only writable" part, it is also required that any
directory in the path to and including .ssh only be writable by the owner
or root.
Kirk Wolf
Dovetailed Technologies
http://dovetail.com


On Tue, Sep 24, 2013 at 3:38 PM, Paul Gilmartin <paulgboul...@aim.com> wrote:

> On Tue, 24 Sep 2013 13:19:20 -0500, Kirk Wolf wrote:
> >
> >No, the sys admin can collect host public keys and put them in
> >/etc/ssh/known_hosts for all users.
> >
> /etc/ssh/ssh_known_hosts?
>
> >This is the preferred method, and best practice would be to manage these
> >enterprise wide and then automatically publish to all ssh client machines.
> >
> While we're here, what permissions do you recommend for ~/.ssh, etc.?
>
> I have:
> total 66
> drwx--x--x   2 user     513          512 Sep 23 15:02 .
> drwx--x--x  87 user     513        12288 Sep 24 14:27 ..
> -rw-------   1 user     513          230 Aug 10  2012 authorized_keys
> -rw-------   1 user     513           67 Aug 10  2012 environment
> -rw-------   1 user     513          887 Jun 23  2008 id_rsa
> -rw-r--r--   1 user     513          230 Aug 10  2012 id_rsa.pub
> -rw-------   1 user     513        14917 Sep 23 14:28 known_hosts
> -rw-------   1 user     513         1024 Sep 23 15:02 prng_seed
>
> others recommend, perhaps phobically:
>
> total 66
> drwx------   2 user     513          512 Sep 23 15:02 .
> drwx--x--x  87 user     513        12288 Sep 24 14:27 ..
> -rw-------   1 user     513          230 Aug 10  2012 authorized_keys
> -rw-------   1 user     513           67 Aug 10  2012 environment
> -rw-------   1 user     513          887 Jun 23  2008 id_rsa
> -rw-------   1 user     513          230 Aug 10  2012 id_rsa.pub
> -rw-------   1 user     513        14917 Sep 23 14:28 known_hosts
> -rw-------   1 user     513         1024 Sep 23 15:02 prng_seed
>
> -- gil
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
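The rules Kirk summarizes (private keys readable only by the owner; authorized_keys and every directory from it up to the home directory owned by the user or root and not writable by group or other) are what ssh and sshd's StrictModes actually enforce, and a login that fails silently is usually one of them. The script below is an added example, not code from this thread or from OpenSSH: it reproduces those checks in POSIX sh so an account can be audited before anyone guesses at chmod. It assumes a stat(1) that accepts either the GNU -c or the BSD -f format flag, and it builds its own throw-away directory tree (a constructed copy of Gil's listing) under mktemp to demonstrate the verdicts.

```shell
#!/bin/sh
# Added example (not from the thread, not OpenSSH code): audit ~/.ssh the way
# ssh and sshd (StrictModes yes) judge it.  Assumes GNU or BSD stat(1).

# Permission bits of a path as an octal string, e.g. 700 or 1777.
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
# Numeric uid of the owner of a path.
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# The "only writable by owner or root" rule: sshd applies it to
# authorized_keys and to every directory between it and the home directory.
# Owner must be the user or root, and mode & 022 must be zero.
not_others_writable() {
    m=$(mode_of "$1") && u=$(owner_of "$1") || return 1
    { [ "$u" = "$(id -u)" ] || [ "$u" = 0 ]; } || return 1
    [ $(( 0$m & 022 )) -eq 0 ]
}

# The "only readable by owner" rule for private keys: ssh refuses a key
# with any group or other bits set (mode & 077 != 0), so 0600 or 0400.
private_key_ok() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Walk from directory $1 up to the home directory $2, checking each
# component.  sshd stops at the home directory, so / , /home or a 1777 /tmp
# above it are never looked at; this walk does the same.
check_path_to_home() {
    d=$(cd "$1" && pwd -P) || return 1
    top=$(cd "$2" && pwd -P) || return 1
    while :; do
        not_others_writable "$d" || { echo "sshd would reject: $d" >&2; return 1; }
        [ "$d" = "$top" ] && return 0
        [ "$d" = "/" ] && return 1        # .ssh is not under the home dir
        d=$(dirname "$d")
    done
}

# Audit one account: the path, authorized_keys, and every id_* private key
# (files ending in .pub are public and may be world-readable).
# Returns 0 only when ssh and sshd would accept everything.
check_ssh_dir() {
    home=$1; sshdir=$home/.ssh; rc=0
    check_path_to_home "$sshdir" "$home" || rc=1
    if [ -e "$sshdir/authorized_keys" ]; then
        not_others_writable "$sshdir/authorized_keys" \
            || { echo "sshd would ignore: $sshdir/authorized_keys" >&2; rc=1; }
    fi
    for k in "$sshdir"/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        private_key_ok "$k" || { echo "ssh would refuse: $k" >&2; rc=1; }
    done
    return $rc
}

# Constructed demo tree (assumption: mktemp -d is available).  Recreates the
# drwx--x--x layout from the listing, then breaks it two ways.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/user/.ssh"
    chmod 711 "$t/home/user" "$t/home/user/.ssh"
    : > "$t/home/user/.ssh/authorized_keys"; chmod 600 "$t/home/user/.ssh/authorized_keys"
    : > "$t/home/user/.ssh/id_rsa";          chmod 600 "$t/home/user/.ssh/id_rsa"
    : > "$t/home/user/.ssh/id_rsa.pub";      chmod 644 "$t/home/user/.ssh/id_rsa.pub"
    if check_ssh_dir "$t/home/user"; then echo "711 layout: accepted"; fi
    chmod 775 "$t/home/user"                 # group-writable home: StrictModes fails
    if ! check_ssh_dir "$t/home/user"; then echo "775 home: rejected"; fi
    chmod 711 "$t/home/user"; chmod 644 "$t/home/user/.ssh/id_rsa"
    if ! check_ssh_dir "$t/home/user"; then echo "644 private key: rejected"; fi
    rm -rf "$t"
}

demo
```

Run it against a real account with check_ssh_dir "$HOME"; each line on stderr names the path sshd or ssh would object to. Note that the walk stops at the home directory, which is why a root-owned 755 /home or a 1777 /tmp above it never matters, while a group-writable home directory does.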
