Mail Archives: cygwin/2003/12/10/16:08:34

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Reply-To: Cygwin List <cygwin AT cygwin DOT com>
Message-Id: <6.0.1.1.0.20031210155739.03912978@127.0.0.1>
X-Sender:
Date: Wed, 10 Dec 2003 16:05:44 -0500
To: ehud AT unix DOT mvs DOT co DOT il, mberney AT polyserve DOT com
From: Larry Hall <cygwin-lh AT cygwin DOT com>
Subject: Re: Question about cygwin sshd and StrictModes
Cc: cygwin AT cygwin DOT com
In-Reply-To: <200312101900.hBAJ0Uki015582@beta.mvs.co.il>
References: <C75BC7A96CFE2C44B38C639E4362739E018A29A1 AT postman DOT ms DOT polyserve DOT com>
<200312101900 DOT hBAJ0Uki015582 AT beta DOT mvs DOT co DOT il>
Mime-Version: 1.0

At 02:00 PM 12/10/2003, Ehud Karni you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, 10 Dec 2003 09:17:23 -0800, Matt Berney <xxx AT xxx DOT xxx> wrote:
>>
>> Thanks for the no-help.  I have already read all relevant
>> documentation that I could find.  That is the reason for
>> posting a message to the group.  In the future, if you wish
>> to be helpful, please offer more than RTFM.
>
>I don't exactly know what Larry meant, but if you read the "Fucking"
>manual as you claim, you either missed or misunderstood the following
>(from the man pages of sshd_config(5) ):
>
>  StrictModes
>    Specifies whether sshd should check file modes and ownership of
>    the user's files and home directory before accepting login.  This
>                        ^^^^^^
>    is normally desirable because novices sometimes accidentally
>    leave their directory or files world-writable.  The default is
>    ``yes''.
>
>Which is in plain English: check the permissions of your Home (~/)
>and your ssh (~/.ssh) directories. Your home directory must NOT be
>writable by others (not even from your group) and the ~/.ssh should
>not be readable by others (because you may have your private keys
>there).
>
>Ehud.


Colorful language aside, I think Ehud brings up a good point.  While 
this is a port of openssh to Cygwin, all the regular documentation for 
openssh is valid and should be consulted when investigating an issue.
These guidelines are valid across all platforms.  In this case, the 
prose from the man-page that Ehud quotes seems quite relevant and his
suggestion very sound.

Ehud, you should be careful about replying to the list if your
reply would expose somebody's email address in the body of a message.  
You'll note I've obscured Matt's email address that came from your reply.



--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     
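
An added example, not part of the original message and not OpenSSH code: a small audit of the permissions discussed above. It approximates the StrictModes test as an ownership and group/world write-bit check on `authorized_keys`, `~/.ssh` and the home directory, and reports the reply's "not readable by others" advice for `~/.ssh` as a separate warning. The function names `strictmodes_findings` and `make_sample_home` and the sample directories are assumptions made for illustration.

```python
import os
import stat
import tempfile


def strictmodes_findings(home, uid=None):
    """Return (path, problem) pairs for a home directory tree."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    findings = []
    # Key file first, then each directory above it up to the home directory.
    for path in (os.path.join(ssh_dir, "authorized_keys"), ssh_dir, home):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue  # a missing path has no mode to complain about
        if st.st_uid not in (uid, 0):
            findings.append((path, "FAIL: not owned by the user or root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "FAIL: group/world-writable (%03o)" % mode))
    # Advice from the quoted reply, reported separately from the write check.
    if os.path.isdir(ssh_dir):
        mode = stat.S_IMODE(os.stat(ssh_dir).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((ssh_dir, "WARN: readable by others (%03o)" % mode))
    return findings


def make_sample_home(home_mode, ssh_mode, key_mode):
    """Build a constructed home directory with the given modes (demo data)."""
    home = tempfile.mkdtemp(prefix="strictmodes-demo-")
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    key_file = os.path.join(ssh_dir, "authorized_keys")
    with open(key_file, "w") as fh:
        fh.write("# constructed sample, no real key\n")
    os.chmod(key_file, key_mode)
    os.chmod(ssh_dir, ssh_mode)
    os.chmod(home, home_mode)
    return home


if __name__ == "__main__":
    samples = ((0o755, 0o700, 0o600), (0o775, 0o700, 0o600), (0o755, 0o755, 0o644))
    for modes in samples:
        home = make_sample_home(*modes)
        print(["%03o" % m for m in modes], strictmodes_findings(home) or "ok")
```

To audit a real account, call `strictmodes_findings(os.path.expanduser("~"))`; a `FAIL` entry on any of the three paths is the kind of condition that makes sshd refuse public-key login while StrictModes is `yes`.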

