This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
RE: Is RSA authentication on SSH still broken?
- From: "Harig, Mark A." <maharig at idirect dot net>
- To: <cygwin at cygwin dot com>
- Date: Mon, 11 Nov 2002 10:57:22 -0500
- Subject: RE: Is RSA authentication on SSH still broken?
>
> Harig, Mark A. <maharig@idirect.net> wrote:
> > OK. So, it appears that Cygwin users
> > of openssh have one of two options:
> >
> > 1. chmod 700 ~
> > chgrp 18 ~/.ssh
> > chmod 750 ~/.ssh
> >
> > or
> >
> > 2. chmod 755 ~
> > chmod 700 ~/.ssh
> >
> > Do you have a recommendation on which of
> > these two options is more secure?
>
> I'm assuming you meant:
> $ chmod 750 ~
> $ chgrp 18 ~
> $ chmod 700 ~/.ssh
> Since obviously world-readable ~ is less secure than
> user-only-readable ~.
>
> In which case, 1. seems better to me, because it actually
> grants SYSTEM
> permissions where it needs them, rather than granting them
> somewhere else
> and Windows weirdness making things work.
>
>
I have been using option 1. My question comes from the fact
that Corinna Vinschen recommended that ~/.ssh be set to 700
(which is what 'set-keygen' sets it to) and that she had
pointed to my 'chmod 700 ~' as the reason that openssh would
not work if I set ~/.ssh to 700.
Is there a consensus about what to recommend to Cygwin users,
or does openssh work for some people with both ~ and ~/.ssh
set to 700? (In which, case multiple recommendations would
need to be made.)
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/