Date: Thu, 19 Aug 2004 17:55:27 -0400 (EDT)
From: Igor Pechtchanski
To: Terry Branscombe
cc: cygwin AT cygwin DOT com
Subject: Re: ssh client setup

On Thu, 19 Aug 2004, Terry Branscombe wrote:

> I'm having a bit of trouble getting the ssh client setup right and hope
> someone here can help me sort it out.
>
> When I run ssh it complains that it cannot create the directory
> '/home/TBRANSCO/.ssh' (I created that directory manually when I was
> setting up my keys and have my private and public keys stored there).
> The ssh client then goes on to ask if the host key fingerprint is OK,
> prompts for the host password, and makes the connection. I would just
> like the host keys to be stored permanently.
>
> The permission on the '.ssh' folder, and its parents', are as follows:
>
> drwxrwxrwx+  3 TBRANSCO myDomain    0 May  7 12:02 home/
> drwxrw-rw-+ 12 TBRANSCO myDomain 8192 Aug 19 12:11 tbransco/
      ^^^^^^
> drwxrw-rw-+  2 TBRANSCO myDomain    0 Aug  7 12:17 .ssh/
      ^^^^^^
> My (wrapped) entry in the /etc/passwd file is as follows:
>
> TBRANSCO:unused_by_nt/2000/xp:32078:10545:Terrence Branscombe,U-IDIR\TBRANSCO,:/home/TBRANSCO:/bin/bash
>
> I've botched it somewhere, but can't spot where. Any suggestions on
> what to change, add, or delete?

Sure. "chmod og+x /home/tbransco /home/tbransco/.ssh". Also check the
output of "getfacl /home/tbransco /home/tbransco/.ssh" -- there may be some
weird "Deny" ACLs there (that's what the '+' after the permissions
indicates).

Be aware that if StrictModes is "on" in /etc/sshd_config (it usually is by
default), sshd will refuse to use the keys in a world-readable (and most
especially world-writeable) directory. If you only ssh *out* to other
machines, though, I don't think it matters.

        Igor
--
http://cs.nyu.edu/~pechtcha/
pechtcha AT cs DOT nyu DOT edu
igor AT watson DOT ibm DOT com
Igor Pechtchanski, Ph.D.
a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!

"Happiness lies in being privileged to work hard for long hours in doing
whatever you think is worth doing." -- Dr. Jubal Harshaw
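
Added example, not part of the original message or of Cygwin/OpenSSH: a small POSIX shell audit for the two permission problems discussed in this thread, namely a directory that grants read or write without search (x), and a group/other write bit of the kind StrictModes rejects. The function names check_mode and audit_path are hypothetical, audit_path assumes GNU "stat -c %a" (as shipped with Cygwin coreutils), and the sample modes are the ones shown in the listing above (766 for drwxrw-rw-, 777 for drwxrwxrwx).

```shell
#!/bin/sh
# check_mode MODE
#   MODE is a directory's octal permission bits (e.g. 766).
#   Prints one finding per line; returns 0 if clean, 1 otherwise.
#   ACL entries (the '+' in ls output) are not visible here; use getfacl.
check_mode() {
    m=$(( 0$1 ))            # leading 0 makes the shell read it as octal
    rc=0
    # Models the group/other write test (mode & 022) that OpenSSH applies
    # under StrictModes. Ownership checks are not covered by this example.
    if [ $(( m & 022 )) -ne 0 ]; then
        echo "strictmodes: group/other write bit set"
        rc=1
    fi
    # r or w without x: that class cannot enter or create files in the dir.
    for class in owner:6 group:3 other:0; do
        name=${class%%:*}
        shift_by=${class##*:}
        bits=$(( (m >> shift_by) & 7 ))
        if [ $(( bits & 6 )) -ne 0 ] && [ $(( bits & 1 )) -eq 0 ]; then
            echo "no-search: $name has r/w but no x"
            rc=1
        fi
    done
    return $rc
}

# audit_path DIR: run check_mode on a real directory, prefixing the path.
audit_path() {
    mode=$(stat -c %a "$1") || return 2
    out=$(check_mode "$mode") && return 0
    printf '%s\n' "$out" | sed "s|^|$1: |"
    return 1
}

# Constructed demo: the modes from the listing in this thread, plus 700.
for sample in home:777 tbransco:766 .ssh:766 fixed:700; do
    label=${sample%%:*}
    mode=${sample##*:}
    if result=$(check_mode "$mode"); then
        echo "$label ($mode): ok"
    else
        printf '%s\n' "$result" | sed "s|^|$label ($mode): |"
    fi
done
```

On a live system, audit_path "$HOME" and audit_path "$HOME/.ssh" give the same report for the real directories.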