Directory /etc/ssh - should be drwxr-xr-x. The world must have the rights to read and enter the directory but not write to it.
Most of the files should be -rw-------. Only root can read or write them. None should have x permission. And ssh_config and the .pub files should be -rw-r--r--.
Nobody but root should be able to write to that directory under any circumstance or your system is open to exploitation.
Each user's ~/.ssh directory should be drwxr-xr-x. Each file should be -rw-r--r--. (This is probably wrong. The directory probably should be drwx------ and the files should be -rw-------. But under RedHat and Fedora home directories are drwx------, so people who do not belong can't get to the directory in the first place.)
{^_^}
----- Original Message -----
From: "Rick Stevens" ricks@nerd.com
Sent: Tuesday, 2008, December 23 10:27
Jyotishmaan Ray wrote:
Please tell me whose permissions should be 700, please name the files whose permissions I must set to 700, and also let me know if anything else has to be done in order to execute the ssh command.
My set up is as follows:
The /etc/ssh directory is owned by root, group of root and has 755 permissions (rwxrw-rw-). The files IN /etc/ssh are all owned by root, group of root with 500 permissions (rw-------) EXCEPT ssh_config and any "*.pub" files. Those have 544 permissions (rw-r--r--).
In _your_ home directory, the .ssh directory is owned by you with your group and has 700 permissions (rwx------). The files in it should be owned by you with your group and have 500 permissions (rw-------) except any "*.pub" files, which can have 544 permissions (rw-r--r--).
Really, since the directory can only be read by you, all files could be 544 (rw-r--r--). ssh really is worried about someone other than you writing to those files.
--- On Mon, 12/22/08, Aaron Konstam akonstam@sbcglobal.net wrote:
From: Aaron Konstam akonstam@sbcglobal.net
Subject: Re: How to Restart the service sshd in Fedora Linux System ?
To: jyotishmaan@yahoo.com, "Community assistance, encouragement, and advice for using Fedora." fedora-list@redhat.com
Date: Monday, December 22, 2008, 9:26 PM
On Mon, 2008-12-22 at 05:06 -0800, Jyotishmaan Ray wrote:
Dear All FEDORA Users,
I am a newbie in fedora linux system as administrator.
Please tell me one thing. In my fedora linux os server, I am not able to sshd service.
The thing is that, once I had to change the permissions of the files just in order to avoid the other users to explore the system, using chmod command. However, I have immediately changed the permissions again back.
Soon after that I could not log on to the fedora server system using the ssh serverhostname username command.
When tried to run sshd service using service sshd restart, I got the following errors shown below:-
Permissions 0755 for '/etc/ssh/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions :ignore key: /etc/ssh/ssh_host_dsa_key
Could not load host key : /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available --exiting
Please immediately let me know, what to fix in order to restart the service sshd.
Permissions should be 700.
--
- Rick Stevens, Systems Engineer ricks@nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
-
Never put off 'til tomorrow what you can forget altogether! -
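As an added example (not part of the thread and not OpenSSH's own code), the mode rules discussed above can be checked with a small shell function before restarting sshd. It assumes GNU stat, treats every file other than ssh_config and "*.pub" as private, and does not check ownership; the name audit_ssh_dir and the sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the modes in an sshd configuration directory.
# Assumes GNU stat (stat -c), as shipped on Fedora.

# audit_ssh_dir DIR
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_ssh_dir() {
    dir=$1
    rc=0
    dmode=$(stat -c '%a' "$dir") || return 2
    # Nobody but the owner may write to the directory.
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "dir-writable $dmode $dir"; rc=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case ${f##*/} in
            *.pub|ssh_config)
                # World-readable is fine; group/other write is not.
                mask=022; why=public-writable ;;
            *)
                # Treated as private: this example's rule for "too open"
                # is any group/other permission bit at all.
                mask=077; why=too-open ;;
        esac
        if [ $(( 0$mode & $mask )) -ne 0 ]; then
            echo "$why $mode $f"; rc=1
        elif [ $(( 0$mode & 0111 )) -ne 0 ]; then
            # None of these files should carry an execute bit.
            echo "executable $mode $f"; rc=1
        fi
    done
    return $rc
}

# Constructed sample reproducing the thread's broken state (key left at 0755).
demo=$(mktemp -d)
chmod 755 "$demo"
: > "$demo/ssh_host_dsa_key";     chmod 755 "$demo/ssh_host_dsa_key"
: > "$demo/ssh_host_dsa_key.pub"; chmod 644 "$demo/ssh_host_dsa_key.pub"
: > "$demo/ssh_config";           chmod 644 "$demo/ssh_config"
audit_ssh_dir "$demo" || echo "flagged private files need chmod 600"
rm -rf "$demo"
```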