Date: Fri, 8 Nov 2002 09:47:42 +0100
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: Is RSA authentication on SSH still broken?
Message-ID: <20021108094742.L24497@cygbert.vinschen.de>

On Thu, Nov 07, 2002 at 06:54:48PM -0500, Harig, Mark A. wrote:
> I must be missing a piece of information.  Setting the
> permissions of ~/.ssh to 700 causes ssh to require me
> to enter a password, that is, the encryption-key processing
> is failing.  Setting the permissions of ~/.ssh to 750 (if
> the group setting is SYSTEM) or to 755 (if the group setting
> is not SYSTEM) allows ssh to access the encryption-key files.

Are you actually sure?  The permissions of directories don't influence
the permissions to the underlying files and directories unless an
administrator changes the setting of the above "Bypass traverse checking"
user right.  Just to be sure I did check that yesterday on my system so
I'm pretty confident.

"Bypass traverse checking" is on by default for Everyone.  This is
annoyingly different from UNIX file systems from my point of view but
AFAIK professional Windows admins like it.  And since it's the default
and most users don't know what it's doing anyway, I don't change it
on my test system, either.

> > Second, I don't see the point in setting the permissions of
> > .ssh/authorized_keys to 0600 at all.  The content of that
> > file is a list of the *public* part of the keys so it's their
> > intent to be readable by anybody.
>
> That was my understanding also.  I assumed that my understanding
> was incorrect because ssh would report that my permissions for
> ~/.ssh/authorized_keys were too open.  I'm unable to reproduce that
> at this time.  This issue is closed as far as I am concerned, until
> I can reproduce the problem.

OpenSSH is a UNIX-centric application as most are in the Cygwin distro.
As such, OpenSSH checks permissions in a UNIX sense.  Actually, OpenSSH
also checks the permissions of the parent directory chain up to the
user's home directory.  It requires as minimum

  755 on ~
  755 on ~/.ssh
  644 on ~/.ssh/authorized_keys

as long as StrictModes is on.  If one of them doesn't meet those
requirements, sshd complains.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                  mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
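
Added example, not part of the original message and not OpenSSH's own code: a small Python audit that walks from authorized_keys up to the home directory and reports every entry that would fail a StrictModes-style check. It assumes the rule is "owned by the user or root, and not writable by group or others", which the modes 755, 755 and 644 listed above satisfy; the function name and output format are made up for this illustration.

```python
import os
import stat
import sys


def strictmodes_findings(key_file, home, uid=None):
    """Return [(path, problem), ...]; an empty list means the chain passes."""
    uid = os.getuid() if uid is None else uid
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    findings = []
    is_key_file = True
    while True:
        st = os.stat(path)
        if is_key_file and not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
        # Assumed rule: the entry must belong to the user or to root (uid 0).
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        # Assumed rule: no write bit for group or others (022 must be clear).
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "mode %03o is group- or world-writable" % mode))
        parent = os.path.dirname(path)
        # Stop at the home directory, or at the filesystem root if the
        # key file does not live below the home directory at all.
        if path == home or parent == path:
            break
        path, is_key_file = parent, False
    return findings


if __name__ == "__main__":
    home = os.path.expanduser("~")
    default = os.path.join(home, ".ssh", "authorized_keys")
    key_file = sys.argv[1] if len(sys.argv) > 1 else default
    try:
        problems = strictmodes_findings(key_file, home)
    except OSError as exc:
        sys.exit("cannot check %s: %s" % (key_file, exc))
    for path, problem in problems:
        print("%s: %s" % (path, problem))
    sys.exit(1 if problems else 0)
```

Run it as the account that sshd will log in; an exit status of 0 means every entry from the key file up to the home directory passed.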