Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: Is RSA authentication on SSH still broken? Date: Thu, 7 Nov 2002 18:54:48 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: From: "Harig, Mark A." To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id gA7NsvZ17105 > > First, the directory permission doesn't restrict the access for SYSTEM > due to the standard "Bypass traverse checking" setting on NT. > So setting > the .ssh permissions to 0700 is perfectly fine. > I must be missing a piece of information. Setting the permissions of ~/.ssh to 700 causes ssh to require me to enter a password, that is, the encryption-key processing is failing. Setting the permissions of ~/.ssh to 750 (if the group setting is SYSTEM) or to 755 (if the group setting is not SYSTEM) allows ssh to access the encryption-key files. > Second, I don't see the point in setting the permissions of > .ssh/authorized_keys to 0600 at all. The content of that > file is a list > of the *public* part of the keys so it's their intent to be > readable by > anybody. That was my understanding also. I assumed that my understanding was incorrect because ssh would report that my permissions for ~/.ssh/authorized_keys was too open. I'm unable to reproduce that at this time. This issue is closed as far as I am concerned, until I can reproduce the problem. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/