Mail Archives: cygwin/2004/09/29/07:22:09

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2004/09/29/07:22:09

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Message-ID: <415A9B4E.5A1EB3E7@dessent.net>

Date: Wed, 29 Sep 2004 04:23:58 -0700

From: Brian Dessent <brian AT dessent DOT net>

Organization: My own little world...

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Re: ssh-host-config requires cygminires.dll

References: <415975F6 DOT 5030403 AT swipnet DOT se> <Pine DOT GSO DOT 4 DOT 61 DOT 0409281059050 DOT 4120 AT slinky DOT cs DOT nyu DOT edu> <415983C7 DOT 9010101 AT swipnet DOT se> <Pine DOT GSO DOT 4 DOT 61 DOT 0409281328350 DOT 4220 AT slinky DOT cs DOT nyu DOT edu> <415A73B6 DOT 2030306 AT swipnet DOT se> <415A7C82 DOT 99C307BE AT dessent DOT net> <415A8259 DOT 909 AT swipnet DOT se> <415A98AC DOT B1140D40 AT dessent DOT net>

X-IsSubscribed: yes

Reply-To: cygwin AT cygwin DOT com

Brian Dessent wrote:

> > ssh_host_*_key.pub are owned by the user that has run ssh-host-config
> > Is it OK ?
> 
> If you ran the above commands they should be owned by SYSTEM.  The idea
> here is that those files contain the private half of the host's
> public/private keypair, and this is sensitive data.  So the file should
> be readable only by the account that runs the ssh daemon.  If you are
> the only local user then it doesn't really matter much as you can be
> trusted, but on an actual multiuser posix system you would want to
> restrict the host key files accordingly.

Sorry, I realize I misread.  The .pub files are the public half of the
keypair, and should be world-readable by anyone.  The ones that don't
end in .pub are the private half of the keypair and should be
restricted.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<415A9B4E.5A1EB3E7@dessent.net>
Date:	Wed, 29 Sep 2004 04:23:58 -0700
From:	Brian Dessent <brian AT dessent DOT net>
Organization:	My own little world...
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: ssh-host-config requires cygminires.dll
References:	<415975F6 DOT 5030403 AT swipnet DOT se> <Pine DOT GSO DOT 4 DOT 61 DOT 0409281059050 DOT 4120 AT slinky DOT cs DOT nyu DOT edu> <415983C7 DOT 9010101 AT swipnet DOT se> <Pine DOT GSO DOT 4 DOT 61 DOT 0409281328350 DOT 4220 AT slinky DOT cs DOT nyu DOT edu> <415A73B6 DOT 2030306 AT swipnet DOT se> <415A7C82 DOT 99C307BE AT dessent DOT net> <415A8259 DOT 909 AT swipnet DOT se> <415A98AC DOT B1140D40 AT dessent DOT net>
X-IsSubscribed:	yes
Reply-To:	cygwin AT cygwin DOT com