Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <00a101c28998$b2d36d30$78d96f83@pomello>
From: "Max Bowsher" <maxb AT ukf DOT net>
To: "Harig, Mark A." <maharig AT idirect DOT net>, <cygwin AT cygwin DOT com>
References: <BADF3C947A1BD54FBA75C70C241B0B9E763046 AT ex02 DOT idirect DOT net>
Subject: Re: Is RSA authentication on SSH still broken?
Date: Mon, 11 Nov 2002 15:40:44 -0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Harig, Mark A. <maharig AT idirect DOT net> wrote:
> OK.  So, it appears that Cygwin users
> of openssh have one of two options:
>
> 1. chmod 700 ~
>    chgrp 18 ~/.ssh
>    chmod 750 ~/.ssh
>
> or
>
> 2. chmod 755 ~
>    chmod 700 ~/.ssh
>
> Do you have a recommendation on which of
> these two options is more secure?

I'm assuming you meant:
$ chmod 750 ~
$ chgrp 18 ~
$ chmod 700 ~/.ssh
Since obviously world-readable ~ is less secure than user-only-readable ~.

In which case, 1. seems better to me, because it actually grants SYSTEM
permissions where it needs them, rather than granting them somewhere else
and Windows weirdness making things work.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/