Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: Is RSA authentication on SSH still broken? Date: Mon, 11 Nov 2002 10:32:06 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: From: "Harig, Mark A." To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id gABFWip27887 > > chmod 700 ~ && \ > ^^^^^^^^^^^ > This is your problem. By setting home and .ssh to 700 you > disallow sshd to > stat() ~/.ssh. Cygwin has two chances to retrieve > information about a file > or directory, by either calling FindFileFirst() or by trying > to open the > file and calling various Win32 access functions. > > FindFileFirst() requires to have read permissions on the > parent directory, > opening the file/dir requires read permissions on it. If home as well > as .ssh are 700, sshd has neither of these rights ==> The > check for .ssh > fails. OK. So, it appears that Cygwin users of openssh have one of two options: 1. chmod 700 ~ chgrp 18 ~/.ssh chmod 750 ~/.ssh or 2. chmod 755 ~ chmod 700 ~/.ssh Do you have a recommendation on which of these two options is more secure? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/