savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] Re: savannah sucks

From: Thomas Bushnell, BSG
Subject: [Savannah-hackers] Re: savannah sucks
Date: 26 Aug 2002 15:23:58 -0700
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 
Jeff Bailey <address@hidden> writes:

> I just lokoed at the log file, and I'm happy that you're wrong (I
> can't see where it would improve security to permit your
> authorized_keys to be world writable).  

I can't see where it would hurt security to *permit* it.  In any case,
my ssh documentation does say:

     $HOME/.ssh/authorized_keys
             Lists the public keys (RSA/DSA) that can be used for logging in
             as this user.  The format of this file is described in the
             sshd(8) manual page.  In the simplest form the format is the same
             as the .pub identity files.  This file is not highly sensitive,
             but the recommended permissions are read/write for the user, and
             not accessible by others.

And has no mention of such lossage.  I didn't permit my keys to be
world writable anyhow.  

> I did find one more place to
> change permissions, though:
> 
> Aug 26 18:13:14 subversions sshd[28157]: Authentication refused: bad
> ownership or modes for directory /home/thomas/.ssh

Bletcherous.  So now it works.

I want to note that "security" has here caused a major loss of work.
I would have found this trivially if the logs weren't restricted.

Thomas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]