Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: Is RSA authentication on SSH still broken? Date: Mon, 11 Nov 2002 12:06:17 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: From: "Harig, Mark A." To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id gABH6WO15427 > > > > OK. So, it appears that Cygwin users > > of openssh have one of two options: > > > > 1. chmod 700 ~ > > chgrp 18 ~/.ssh > > chmod 750 ~/.ssh > > > > or > > > > 2. chmod 755 ~ > > chmod 700 ~/.ssh > > > > Do you have a recommendation on which of > > these two options is more secure? > > According to what I remember about Unix permissions, 'chmod > 711 ~' should > suffice. This will allow anyone to access a subdirectory of > your $HOME > *if they know the exact path*. Same with ~/.ssh. You can then make > authorized_keys world-readable without exposing the rest of your home > directory. Are you able to make this work? 1. If I 'chmod 711 ~' and 'chmod 700 ~/.ssh', then ssh is not able to read my private/public keys (i.e., it prompts me for a password). 2. If I follow that with 'chmod 750 ~', then ssh allows access without prompting for a password. Both of these assume 'chgrp 18 ~'. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/