Date: Tue, 4 Nov 2008 17:17:54 -0800
From: Jeremy Chadwick
To: af300wsm@gmail.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Re: Authentication with SSH using public keys
Message-ID: <20081105011754.GC62321@icarus.home.lan>
In-Reply-To: <001636417a85d6c0f0045ae30fbf@google.com>

On Tue, Nov 04, 2008 at 12:39:36PM -0800, af300wsm@gmail.com wrote:
> > > Following onto the e-mail I made before, apparently that little permissions
> > > difference for the directory, .ssh, was the problem. Changing it to 644 has,
> > > apparently, fixed the problem.
> >
> > Cool :) . I learnt this from my first SSH public-key authentication
> > configuration ;)
> >
> > Ashish
> > --
>
> Of course I meant to say that changing the perms to 755 fixed it, not
> 644. I'm still reviewing the docs but I think that this directory could
> be made 700, is that correct? Or, at the least, 750?

The ~/.ssh directory should be 700. Remember, sshd runs as root, which
means the permissions shouldn't really matter (sans the execute bit,
which as I said is needed for directories).

You don't want 750 unless you ***really*** intend for members of the
same group to have read access to your ~/.ssh/ directory. Based on the
OP's description of the setup, he does not need this.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
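
As an added example (not part of the original message), the shell functions below check a directory against the 700 recommendation discussed in this thread. Going beyond the message, they also flag group/other-writable files and private keys accessible to group or others; the function names and the rule that `id_*` files without `.pub` are private keys are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): audit an SSH directory.
# Usage: audit_ssh_dir "$HOME/.ssh"

# Print a path's permission bits in octal: GNU stat first, then BSD stat.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# True when mode $1 has any bit of octal mask $2 set (leading 0 = octal).
has_bits() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# Print one finding per line. Returns 0 if clean, 1 on findings, 2 if no dir.
audit_ssh_dir() {
    a_dir=$1
    a_rc=0
    [ -d "$a_dir" ] || { echo "not a directory: $a_dir"; return 2; }

    a_mode=$(mode_of "$a_dir")
    # 700 means no group/other bits at all on the directory.
    if has_bits "$a_mode" 077; then
        echo "$a_dir is $a_mode; fix with: chmod 700 $a_dir"
        a_rc=1
    fi

    for a_file in "$a_dir"/*; do
        [ -f "$a_file" ] || continue
        a_mode=$(mode_of "$a_file")
        case ${a_file##*/} in
            # Assumption: id_* files without .pub are private keys.
            id_*.pub) a_mask=022 ;;
            id_*)     a_mask=077 ;;
            *)        a_mask=022 ;;
        esac
        if has_bits "$a_mode" "$a_mask"; then
            echo "$a_file is $a_mode; clear bits in mask $a_mask"
            a_rc=1
        fi
    done
    return $a_rc
}
```
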