This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: Is RSA authentication on SSH still broken?

From: "Harig, Mark A." <maharig at idirect dot net>
To: <cygwin at cygwin dot com>
Date: Mon, 11 Nov 2002 10:32:06 -0500
Subject: RE: Is RSA authentication on SSH still broken?

> >        chmod 700 ~ && \
>          ^^^^^^^^^^^
> This is your problem.  By setting home and .ssh to 700 you 
> disallow sshd to
> stat() ~/.ssh.  Cygwin has two chances to retrieve 
> information about a file
> or directory, by either calling FindFileFirst() or by trying 
> to open the
> file and calling various Win32 access functions.
> 
> FindFileFirst() requires to have read permissions on the 
> parent directory,
> opening the file/dir requires read permissions on it.  If home as well
> as .ssh are 700, sshd has neither of these rights ==> The 
> check for .ssh
> fails.

OK.  So, it appears that Cygwin users
of openssh have one of two options:

1. chmod 700 ~
   chgrp 18 ~/.ssh
   chmod 750 ~/.ssh

or 

2. chmod 755 ~
   chmod 700 ~/.ssh 

Do you have a recommendation on which of
these two options is more secure?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: Is RSA authentication on SSH still broken?
  - From: Max Bowsher
- RE: Is RSA authentication on SSH still broken?
  - From: Igor Pechtchanski

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]