Re: Passwordless login via SSH



On Mon, 14 Apr 2008 22:25:24 -0400 Richard E. Silverman <res@xxxxxxxx> wrote:
|>>>>> "RR" == Roman Ratnaweera <roman@xxxxxxxxx> writes:
|
| RR> I don't know why I hardly ever get answers to my questions.
| RR> Either they are too stupid or too specific... or something else is
| RR> wrong.
|
| >> I'm using passwordless logins to remote computers successfully for
| >> "normal" PCs. (guide on http://www.tux.org/~tbr/rsync/) With my
| >> freecom Network attached storage running OpenSSH_4.5p1, OpenSSL
| >> 0.9.7m 23 Feb 2007 however, it doesn't work. (guide on
| >> http://www.openfsg.com/index.php/Ssh_without_passwords)
|
| RR> Anyway, for the record, I stumbled across the solution on a wiki.
| RR> I knew that .ssh and authorized_keys had to have chmod 700 and 600
| RR> respectively. But it seems for the mentioned NAS gadget, that is
| RR> not enough. It actually requires the user's home directory to be
| RR> 700 as well. I have no idea why this is so.
|
| So that others can't subvert your security by simply renaming, deleting,
| or replacing your ~/.ssh.

And how does read-only access enable that? The only things I am aware of
that need protection from reading are the non-public keys.

My home directory is 755 and that works fine. If it were 775 then someone in
my group could juggle around some directory he found that could, if renamed
as ".ssh", permit her to login as me. Reality is, I use personal groups for
only my own userids. But sshd doesn't know that because other systems might
have different userids in a group that shouldn't login as each other. But
permissions of 755 on the home directory should be fine.

--
|WARNING: Due to extreme spam, I no longer see any articles originating from |
| Google Groups. If you want your postings to be seen by more readers |
| you will need to find a different place to post on Usenet. |
| Phil Howard KA9WGN (email for humans: first name in lower case at ipal.net) |
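
The permission question discussed in this thread, as an added example that is not part of the original posts: a simplified model of the ownership and write-bit test that OpenSSH applies under StrictModes to authorized_keys, ~/.ssh and the home directory. The function names and the temporary sample layout are constructed for illustration; vendor builds such as the NAS mentioned above may enforce stricter rules that this model does not cover.

```python
import os
import stat
import tempfile

# Write bits for group and other (0o022): the bits this check rejects.
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def strictmodes_findings(home, uid):
    """Return problems found on authorized_keys, ~/.ssh and the home directory."""
    findings = []
    ssh_dir = os.path.join(home, ".ssh")
    # Walk from the key file up to the home directory.
    for path in (os.path.join(ssh_dir, "authorized_keys"), ssh_dir, home):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append(f"{path}: missing")
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Each component must be owned by the account itself or by root.
        if st.st_uid not in (uid, 0):
            findings.append(f"{path}: owned by uid {st.st_uid}")
        # Read access is not tested; only group/other write access is.
        if mode & WRITABLE_BY_OTHERS:
            findings.append(f"{path}: mode {mode:04o} is group- or world-writable")
    return findings


def build_sample_home(home_mode):
    """Create a constructed sample home in a temp directory and return its path."""
    home = tempfile.mkdtemp(prefix="strictmodes-demo-")
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 AAAA-constructed-placeholder demo@example\n")
    os.chmod(keys, 0o600)
    os.chmod(ssh_dir, 0o700)
    os.chmod(home, home_mode)  # chmod is not affected by the umask
    return home


if __name__ == "__main__":
    for home_mode in (0o700, 0o755, 0o775):
        sample = build_sample_home(home_mode)
        result = strictmodes_findings(sample, os.getuid())
        print(f"home {home_mode:04o}:", result or "ok")
```

To audit a real account, call strictmodes_findings() with that account's home directory and numeric uid.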