From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 20:43:41 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 26E99106564A for ; Tue, 4 Nov 2008 20:43:41 +0000 (UTC) (envelope-from yuri.pankov@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.190]) by mx1.freebsd.org (Postfix) with ESMTP id 2426A8FC1D for ; Tue, 4 Nov 2008 20:43:39 +0000 (UTC) (envelope-from yuri.pankov@gmail.com) Received: by nf-out-0910.google.com with SMTP id h3so1390041nfh.33 for ; Tue, 04 Nov 2008 12:43:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:received:received :x-authentication-warning:date:from:to:cc:subject:message-id :references:mime-version:content-type:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=kPJ1G7gLW51ZwK4ph62uo5NDgX12bVaw8Mr/XR4rKKc=; b=gpeHYWkFw0X5EEHjka3lrMIUqos6nIteO3TaKPg79YlJuGopOhtREKEB+SXfTrDq9g 7ECrGTQRSOCCHMPwRkKHaiqqsbQw3yrZ6t9ek4p3dZjIkeyZ4VCvTqKBM4RiMdwQtWJO UBRmyGIw9Ys2xN2g2vg6Iq8YNPbAqa3jz8dJA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=x-authentication-warning:date:from:to:cc:subject:message-id :references:mime-version:content-type:content-disposition :content-transfer-encoding:in-reply-to:user-agent; b=owSXhUbk9zf5BgmhnBYuzwMY0JS/7qyKFXBYoVG8mSw9u97L9TkfikLM9rPyMcb+9F a990fjqqQ7Su9bXggaFFyaI4CiBC3nEGy3Gve4VT/F+xEFuZLUBJdMkiHhguUUWZpOl5 RkqpkQ/mKPVwWd3jy0OUwBFqJXmU+sbz5oOlU= Received: by 10.210.133.2 with SMTP id g2mr30595ebd.99.1225831415190; Tue, 04 Nov 2008 12:43:35 -0800 (PST) Received: from darklight.homeunix.org ([85.175.24.53]) by mx.google.com with ESMTPS id 5sm12637767eyh.2.2008.11.04.12.43.33 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 04 Nov 2008 12:43:34 -0800 (PST) Received: from darklight.homeunix.org (yuri@darklight.homeunix.org [127.0.0.1]) by darklight.homeunix.org (8.14.3/8.14.3) with ESMTP id mA4KhVKK001870; Tue, 4 Nov 2008 23:43:31 +0300 (MSK) (envelope-from yuri.pankov@gmail.com) Received: (from yuri@localhost) by darklight.homeunix.org (8.14.3/8.14.3/Submit) id mA4KhVnd001869; Tue, 4 Nov 2008 23:43:31 +0300 (MSK) (envelope-from yuri.pankov@gmail.com) X-Authentication-Warning: darklight.homeunix.org: yuri set sender to yuri.pankov@gmail.com using -f Date: Tue, 4 Nov 2008 23:43:31 +0300 From: Yuri Pankov To: af300wsm@gmail.com Message-ID: <20081104204331.GB1801@darklight.homeunix.org> References: <001636417a85d6c0f0045ae30fbf@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <001636417a85d6c0f0045ae30fbf@google.com> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-questions@freebsd.org Subject: Re: Re: Authentication with SSH using public keys X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2008 20:43:41 -0000 On Tue, Nov 04, 2008 at 12:39:36PM -0800, af300wsm@gmail.com wrote: >> >> >> > Following onto the e-mail I made before, apparently that little > permissions >> >> > difference for the directory, .ssh, was the problem. Changing it to >> 644 > has, >> >> > apparently, fixed the problem. >> >> >> >> Cool :) . I learnt this from my first SSH public-key authentication >> >> configuration ;) >> >> >> >> Ashish >> >> -- >> > > Of course I meant to say that changing the perms to 755 fixed it, not > 644. I'm still reviewing the docs but I think that this directory could > be made 700, is that correct? Or, at the least, 750? >From ssh(1): ~/.ssh/ This directory is the default location for all user‐specific con‐ figuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. So 700 is not only possible, but also recommended. :-) Yuri