chmod 750 "$HOME"
chmod -R 700 "$HOME/.ssh"
This sets owner-only permissions on everything under .ssh, which satisfies SSH's requirements for those files. It also sets the execute bit on the regular files there, which they do not need. SSH's recommendations and requirements (underlined) are below (from the manpage):
- ~/.ssh/id_rsa (OR ANY PRIV KEY) - These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others.
- ~/.ssh/config - Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others.
- ~/.ssh/authorized_keys - This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others.
- ~/.ssh/ - There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others.
- ~/.rhosts - Additionally, this file must be owned by the user, and must not have write permissions for anyone else. The recommended permission for most machines is read/write for the user, and not accessible by others.
- ~/.shosts - Same as rhosts
- ~/.ssh/id_rsa.pub (OR ANY PUB KEY) - These files are not sensitive and can (but need not) be readable by anyone.
- /etc/hosts.equiv - It should only be writable by root
- /etc/shosts.equiv - same as above
- /etc/ssh/ssh_known_hosts - It should be world-readable
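
To check an existing account against the per-user rules in the list above, the following added example (not from the manpage or the original post) reports every file whose mode bits break them. It assumes GNU `stat`; the function names `check_mode` and `audit_ssh_perms` are hypothetical, and ownership is not checked.

```shell
#!/bin/sh
# Added example: audit SSH-related files under a home directory against the
# manpage rules listed above. Assumes GNU stat (stat -c '%a').

# check_mode PATH MASK REASON
# Print a finding and return 1 if PATH exists and has any bit of MASK set.
check_mode() {
    [ -e "$1" ] || return 0
    mode=$(stat -c '%a' "$1") || return 0
    if [ $(( 0$mode & $2 )) -ne 0 ]; then
        printf '%s mode %s: %s\n' "$1" "$mode" "$3"
        return 1
    fi
    return 0
}

# audit_ssh_perms HOME_DIR
# Returns 0 when nothing is found, 1 when at least one finding was printed.
audit_ssh_perms() {
    home=$1
    bad=0
    # 077 = any group/other access; 022 = group/other write only.
    check_mode "$home/.ssh" 077 "directory accessible by others" || bad=1
    check_mode "$home/.ssh/config" 077 "must not be accessible by others" || bad=1
    check_mode "$home/.ssh/authorized_keys" 077 \
        "should not be accessible by others" || bad=1
    for f in "$home"/.ssh/id_*; do
        case $f in *.pub) continue ;; esac   # public keys may be readable by anyone
        check_mode "$f" 077 \
            "private key accessible by others; ssh will ignore it" || bad=1
    done
    for f in "$home/.rhosts" "$home/.shosts"; do
        check_mode "$f" 022 "must not be writable by anyone else" || bad=1
    done
    return $bad
}

# Usage: audit_ssh_perms "$HOME"
```
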