Re: How to Restart the service sshd in Fedora Linux System ?

Directory /etc/ssh - should be drwxr-xr-x. The world must have the
rights to read and enter the directory but not write to it.

Most of the files should be -rw-------. Only root can read or write
them. None should have x permission. And ssh_config and the .pub
files should be -rw-r--r--.

Nobody but root should be able to write to that directory under any
circumstance or your system is open to exploitation.

Each user's ~/.ssh directory should be drwxr-xr-x. Each file should be
-rw-r--r--. (This is probably wrong. The directory probably should be
drwx------ and the files should be -rw-------. But under RedHat and
Fedora home directories are drwx------, so people who do not belong
can't get to the directory in the first place.)

{^_^}
----- Original Message ----- From: "Rick Stevens" <ricks@xxxxxxxx>
Sent: Tuesday, 2008, December 23 10:27


Jyotishmaan Ray wrote:
Please tell me whose permissions should be 700, please name the files whose permissions I must set to 700, and also let me know if anything else has to be done in order to execute the ssh command.

My set up is as follows:

The /etc/ssh directory is owned by root, group of root and has 755
permissions (rwxrw-rw-).  The files IN /etc/ssh are all owned by
root, group of root with 500 permissions (rw-------) EXCEPT ssh_config
and any "*.pub" files.  Those have 544 permissions (rw-r--r--).

In _your_ home directory, the .ssh directory is owned by you with your
group and has 700 permissions (rwx------).  The files in it should
be owned by you with your group and have 500 permissions (rw-------)
except any "*.pub" files, which can have 544 permissions (rw-r--r--).

Really, since the directory can only be read by you, all files could be
544 (rw-r--r--).  ssh really is worried about someone other than you
writing to those files.

--- On Mon, 12/22/08, Aaron Konstam <akonstam@xxxxxxxxxxxxx> wrote:
From: Aaron Konstam <akonstam@xxxxxxxxxxxxx>
Subject: Re: How to Restart the service sshd in Fedora Linux System ?
To: jyotishmaan@xxxxxxxxx, "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
Date: Monday, December 22, 2008, 9:26 PM

On Mon, 2008-12-22 at 05:06 -0800, Jyotishmaan Ray wrote:
Dear All FEDORA Users,

I am a newbie in fedora linux system as administrator.

Please tell me one thing.
In my fedora linux os server, I am not able to sshd service.

The thing is that, once I had to change the permissions of the files
just in order to avoid the other users to explore the system, using
chmod command. However, I have immediately changed the permissions
again back.


Soon after that I could not log on to the fedora server system using
the ssh  serverhostname username command.

When tried to run sshd service using service sshd restart, I got the
following errors shown below:-


Permissions 0755 for '/etc/ssh/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by
others.
This private key will be ignored.
bad permissions :ignore key: /etc/ssh/ssh_host_dsa_key
Could not load host key : /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no  hostkeys available --exiting



Please immediately let me know, what to fix in order to restart the
service sshd.

Permissions should be 700.







--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-     Never put off 'til tomorrow what you can forget altogether!    -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
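
The mode rules stated in this thread for /etc/ssh (directory drwxr-xr-x, ssh_config and *.pub files -rw-r--r--, everything else -rw-------, all owned by root), written as a report-only audit. This is an added example, not part of the original messages; the function names are made up here, GNU stat is assumed, and the demo runs on a constructed scratch directory.

```sh
# Added example: report-only audit of an sshd config directory against the
# modes stated in this thread. Needs GNU stat (coreutils), as on Fedora.

expected_mode() {
    # Expected octal mode for a file name, per the thread.
    case "$1" in
        *.pub|ssh_config) echo 644 ;;   # -rw-r--r--
        *)                echo 600 ;;   # -rw-------
    esac
}

audit_ssh_dir() {
    # audit_ssh_dir [DIR] [OWNER_UID]; defaults are /etc/ssh and 0 (root).
    dir=${1:-/etc/ssh}; uid=${2:-0}; bad=0
    mode=$(stat -c %a "$dir") || return 2
    if [ "$mode" != 755 ]; then
        echo "MODE  $dir is $mode, expected 755"; bad=$((bad + 1))
    fi
    if [ "$(stat -c %u "$dir")" != "$uid" ]; then
        echo "OWNER $dir is not owned by uid $uid"; bad=$((bad + 1))
    fi
    for f in "$dir"/*; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi  # regular files only
        want=$(expected_mode "${f##*/}")
        mode=$(stat -c %a "$f")
        if [ "$mode" != "$want" ]; then
            echo "MODE  $f is $mode, expected $want"; bad=$((bad + 1))
        fi
        if [ "$(stat -c %u "$f")" != "$uid" ]; then
            echo "OWNER $f is not owned by uid $uid"; bad=$((bad + 1))
        fi
    done
    echo "$bad finding(s) in $dir"
    [ "$bad" -eq 0 ]
}

demo_audit() {
    # Constructed sample: a scratch directory reproducing the 0755 host key
    # from the error message in the thread, audited as the current user.
    d=$(mktemp -d) || return 2
    touch "$d/ssh_host_dsa_key" "$d/ssh_host_dsa_key.pub" "$d/ssh_config" \
          "$d/sshd_config"
    chmod 755 "$d" "$d/ssh_host_dsa_key"   # the directory, and the bad key
    chmod 644 "$d/ssh_host_dsa_key.pub" "$d/ssh_config"
    chmod 600 "$d/sshd_config"
    audit_ssh_dir "$d" "$(id -u)" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run `audit_ssh_dir` with no arguments as root to check the live /etc/ssh; a finding on a file that holds no secret is a prompt to look at it, since the thread only says "most" files are -rw-------.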
