On 10/18/12, Mark Montague <mark@xxxxxxxxxxx> wrote: > But in your original email you said, " the ssh key is "-rw-------" > permission which deny apache to access it". If apache owns the key, it > should be able to read it. Or do you mean "/usr/bin/ssh refused to use > the key, even though it could read it, due to it being in a directory > owned by another user and/or readable by another user"? > > Either way, it's good that you're only using this key for the web > application and nothing else. I cannot log in as apache, so I have to login as root to create directory. I have to fix it by changing directory ownership from root to apache. The apache account seems set up to be no-login, just wandering if I could login as apache user, not root user to edit apache file and directory? > The apache home directory can be changed, if you want to change it. Sure, but normally we should not change it. > The DocumentRoot directive says, "make all files in and below this > directory available to web clients". Do you want people requesting > http://your.server/.bashrc or http://your.server/.ssh/id_rsa ? If not, > make sure that the DocumentRoot directory and the apache home directory > are two different things. I know, it is actually in different level, the ocumentRoot = /var/www/html. > Under CentOS, the default DocumentRoot directory is /var/www/html so if > you have not changed this, it is OK to have the private ssh key in > /var/www/.ssh/id_pub since that will not get served to clients. You are right. Thank you very much Mark. Cheers. Jupiter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx