Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <415AB900.6080207@swipnet.se>
Date: Wed, 29 Sep 2004 15:30:40 +0200
From: a12 <a12 AT swipnet DOT se>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: ssh-host-config requires cygminires.dll
References: <415975F6 DOT 5030403 AT swipnet DOT se> <Pine DOT GSO DOT 4 DOT 61 DOT 0409281059050 DOT 4120 AT slinky DOT cs DOT nyu DOT edu> <415983C7 DOT 9010101 AT swipnet DOT se> <Pine DOT GSO DOT 4 DOT 61 DOT 0409281328350 DOT 4220 AT slinky DOT cs DOT nyu DOT edu> <415A73B6 DOT 2030306 AT swipnet DOT se> <415A7C82 DOT 99C307BE AT dessent DOT net> <415A8259 DOT 909 AT swipnet DOT se> <415A98AC DOT B1140D40 AT dessent DOT net> <415A9B4E DOT 5A1EB3E7 AT dessent DOT net>
In-Reply-To: <415A9B4E.5A1EB3E7@dessent.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-imss-version: 2.7
X-imss-result: Passed
X-imss-scores: Clean:55.52343 C:8 M:0 S:5 R:5
X-imss-settings: Baseline:2 C:1 M:2 S:1 R:1 (0.1500 0.1500)
X-IsSubscribed: yes

Hello again,

I have just checked the ownership of .pub files, and they are readable 
by everyone.

Brian Dessent wrote:

>Brian Dessent wrote:
>
>
>>>ssh_host_*_key.pub are owned by the user that has run ssh-host-config
>>>Is it OK ?
>>>
>>If you ran the above commands they should be owned by SYSTEM.  The idea
>>here is that those files contain the private half of the host's
>>public/private keypair, and this is sensitive data.  So the file should
>>be readable only by the account that runs the ssh daemon.  If you are
>>the only local user then it doesn't really matter much as you can be
>>trusted, but on an actual multiuser posix system you would want to
>>restrict the host key files accordingly.
>>
>
>Sorry, I realize I misread.  The .pub files are the public half of the
>keypair, and should be world-readable by anyone.  The ones that don't
>end in .pub are the private half of the keypair and should be
>restricted.
>
>Brian
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Problem reports:       http://cygwin.com/problems.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/
>
>
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/