
RE: [cobalt-security] SSH RSA Authentication on Raq2



I'm using the SecureCRT client to ssh to RaQ2 and RaQ3s with home-built
sshds. RSA Authentication works just fine for me.

All you have to do is to copy your client's public key into
~/.ssh/authorized_keys; you can also do that during a
password-authenticated (encrypted :!) session.

Make sure that (at least - that's how we set them) permissions are as
follows:
 - the homedir does not have write access for group or others (umask 027
or even 077)
 - the .ssh dir is chmod 700.
 - all the files in the .ssh dir are chmod 600.

Esp. #1 is different to the way Cobalt ships the machines, for they use
the group permission bits to grant access (r/w!) to all users of the
same site.

Personally, I don't like this approach. It forces you to have the httpd
accessing files as a member of the "others" group, but this also allows
every user on the Cobalt to access files the same way the httpd does.

On my other machines (non-Cobalt), we chown files to user:httpd and have
the httpd user as the only user in the httpd group. This way, you can go
just fine (paranoid? :) with 750/640 perms.

Just my 2 * 10^-2 $ :)

Matthias

> -----Original Message-----
> make sure that on your target machine, you have the host key
> of the client
> machine.

I don't think you really need that?
--

 w e b f a c t o r y   G m b H
   Matthias Pigulla <mp@xxxxxxxxxxxxx> - Geschaeftsfuehrer
   Lessingstr. 60 - D-53113 Bonn - Germany - www.webfactory.de
   Fon +49(0)228-9114455 - Fax +49(0)228-9114499 - ICQ 6394233
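
The three permission rules listed in the message above can be audited with a short script. This is an added example, not part of the original post; it assumes GNU coreutils `stat -c`, and `check_ssh_perms` is a hypothetical helper name.

```shell
#!/bin/sh
# Audit one home directory against the rules from the message:
#   1. home dir not writable by group or others
#   2. .ssh dir is mode 700
#   3. every regular file in .ssh is mode 600
# Assumption: GNU coreutils stat (-c '%a' prints the octal mode).
# check_ssh_perms is a hypothetical name used only for this example.

check_ssh_perms() {
    home=$1
    rc=0

    # Rule 1: mask 022 covers the group-write and other-write bits.
    mode=$(stat -c '%a' "$home") || return 2
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $home is $mode (writable by group or others)"
        rc=1
    fi

    # Rule 2: .ssh must exist and be exactly 700.
    if [ ! -d "$home/.ssh" ]; then
        echo "FAIL $home/.ssh is missing"
        return 1
    fi
    mode=$(stat -c '%a' "$home/.ssh") || return 2
    if [ "$mode" != 700 ]; then
        echo "FAIL $home/.ssh is $mode, expected 700"
        rc=1
    fi

    # Rule 3: authorized_keys and any other file in .ssh must be 600.
    for f in "$home/.ssh"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f") || return 2
        if [ "$mode" != 600 ]; then
            echo "FAIL $f is $mode, expected 600"
            rc=1
        fi
    done

    return $rc
}

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    check_ssh_perms "$1" || exit $?
fi
```

Run it with a home directory as the only argument; it prints one FAIL line per violated rule and exits non-zero if any rule is broken.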