This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Is RSA authentication on SSH still broken?


> 
> First, the directory permission doesn't restrict the access for SYSTEM
> due to the standard "Bypass traverse checking" setting on NT. 
>  So setting
> the .ssh permissions to 0700 is perfectly fine.
> 

I must be missing a piece of information.  Setting the
permissions of ~/.ssh to 700 causes ssh to require me
to enter a password, that is, the encryption-key processing
is failing.  Setting the permissions of ~/.ssh to 750 (if
the group setting is SYSTEM) or to 755 (if the group setting
is not SYSTEM) allows ssh to access the encryption-key files.

> Second, I don't see the point in setting the permissions of
> .ssh/authorized_keys to 0600 at all.  The content of that 
> file is a list
> of the *public* part of the keys so it's their intent to be 
> readable by
> anybody.

That was my understanding also.  I assumed that my understanding
was incorrect because ssh would report that my permissions for
~/.ssh/authorized_keys was too open.  I'm unable to reproduce that
at this time.  This issue is closed as far as I am concerned, until
I can reproduce the problem.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]