Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <415A9B4E.5A1EB3E7@dessent.net> Date: Wed, 29 Sep 2004 04:23:58 -0700 From: Brian Dessent Organization: My own little world... MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: ssh-host-config requires cygminires.dll References: <415975F6 DOT 5030403 AT swipnet DOT se> <415983C7 DOT 9010101 AT swipnet DOT se> <415A73B6 DOT 2030306 AT swipnet DOT se> <415A7C82 DOT 99C307BE AT dessent DOT net> <415A8259 DOT 909 AT swipnet DOT se> <415A98AC DOT B1140D40 AT dessent DOT net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Reply-To: cygwin AT cygwin DOT com Brian Dessent wrote: > > ssh_host_*_key.pub are owned by the user that has run ssh-host-config > > Is it OK ? > > If you ran the above commands they should be owned by SYSTEM. The idea > here is that those files contain the private half of the host's > public/private keypair, and this is sensitive data. So the file should > be readable only by the account that runs the ssh daemon. If you are > the only local user then it doesn't really matter much as you can be > trusted, but on an actual multiuser posix system you would want to > restrict the host key files accordingly. Sorry, I realize I misread. The .pub files are the public half of the keypair, and should be world-readable by anyone. The ones that don't end in .pub are the private half of the keypair and should be restricted. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/