This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Is RSA authentication on SSH still broken?


> 
> Harig, Mark A. <maharig@idirect.net> wrote:
> > OK.  So, it appears that Cygwin users
> > of openssh have one of two options:
> >
> > 1. chmod 700 ~
> >    chgrp 18 ~/.ssh
> >    chmod 750 ~/.ssh
> >
> > or
> >
> > 2. chmod 755 ~
> >    chmod 700 ~/.ssh
> >
> > Do you have a recommendation on which of
> > these two options is more secure?
> 
> I'm assuming you meant:
> $ chmod 750 ~
> $ chgrp 18 ~
> $ chmod 700 ~/.ssh
> Since obviously world-readable ~ is less secure than 
> user-only-readable ~.
> 
> In which case, 1. seems better to me, because it actually 
> grants SYSTEM
> permissions where it needs them, rather than granting them 
> somewhere else
> and Windows weirdness making things work.
> 
> 

I have been using option 1.  My question comes from the fact
that Corinna Vinschen recommended that ~/.ssh be set to 700
(which is what 'set-keygen' sets it to) and that she had
pointed to my 'chmod 700 ~' as the reason that openssh would
not work if I set ~/.ssh to 700.

Is there a consensus about what to recommend to Cygwin users,
or does openssh work for some people with both ~ and ~/.ssh
set to 700?  (In which, case multiple recommendations would
need to be made.)





--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]