Directory /etc/ssh - should be drwxr-xr-x. The world must have the
rights to read and enter the directory but not write to it.
Most of the files should be -rw-------. Only root can read or write
them. None should have x permission. And ssh_config and the .pub
files should be -rw-r--r--.
Nobody but root should be able to write to that directory under any
circumstance or your system is open to exploitation.
Each user ~/.ssh directory should be drwxr-xr-x. Each file should be
-rw-r--r--. (This is probably wrong. The directory probably should be
drwx------ and the files should be -rw-------. But under RedHat and
Fedora home directories are drwx------, so people who do not belong
can't get to the directory in the first place.
{^_^}
----- Original Message -----
From: "Rick Stevens" <ricks@xxxxxxxx>
Sent: Tuesday, 2008, December 23 10:27
Jyotishmaan Ray wrote:
Please tell me whose permissions should be 700, please name the files
whose permissions I must set to 700, and also let me know if anuthing
lese has to be done in order to execute the ssh command.
My set up is as follows:
The /etc/ssh directory is owned by root, group of root and have 755
permissions (rwxrw-rw-). The files IN /etc/ssh are all be owned by
root, group of root with 500 permissions (rw-------) EXCEPT ssh_config
and any "*.pub" files. Those have 544 permissions (rw-r--r--).
In _your_ home directory, the .ssh directory is owned by you with your
group and have 700 permissions (rwx------). The files in it should
be owned by you with your group and have 500 permissions (rw-------)
except any "*.pub" files, which can have 544 permissions (rw-r--r--).
Really, since the directory can only be read by you, all files could be
544 (rw-r--r--). ssh really is worried about someone other than you
writing to those files.
--- On Mon, 12/22/08, Aaron Konstam <akonstam@xxxxxxxxxxxxx> wrote:
From: Aaron Konstam <akonstam@xxxxxxxxxxxxx>
Subject: Re: How to Restart the service sshd in Fedora Linux System ?
To: jyotishmaan@xxxxxxxxx, "Community assistance, encouragement, and
advice for using Fedora." <fedora-list@xxxxxxxxxx>
Date: Monday, December 22, 2008, 9:26 PM
On Mon, 2008-12-22 at 05:06 -0800, Jyotishmaan Ray wrote:
Dear All FEDORA Users,
I am a new bir in fedora linux system as administrator.
Please tell me one thing.
In my fedora linux os server, i am not able to sshd service .
The thing is that, once I had to change the permissions of the files
just in order to avoid the other users to explore the system, using
chmod command. However, I have immediately changed the permissons
again back.
Soon after that I could not log on to the fedora server systm using
the ssh serverhostname username command.
When tried to run sshd service using service sshd restart, I got the
folloeing errors shown below:-
Permissions 0755 for '/etc/ssh/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by
others.
This private key will be ignored.
bad permissions :ignore key: /etc/ssh/ssh_host_dsa_key
Could not load host key : /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available --exiting
Please immedialtely let me know, what to fix in order to restart the
service sshd.
Permissions should be 700.
--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@xxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- Never put off 'til tommorrow what you can forget altogether! -
----------------------------------------------------------------------
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines:
http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines