[ale] ssh authorized_keys2, what am I missing?
James P. Kinney III
jkinney at localnetsolutions.com
Thu Jun 9 21:50:10 EDT 2005
On Thu, 2005-06-09 at 17:10 -0600, Michael Hirsch wrote:
>
> That's bee a problem on RH forever, and I can't decide if itis a bug
> in RH, OpenSSH, or neither. RH uses their clever "every user gets
> their own group" system which allows everyone to have a 002 umod
> instead of the more traditional 022. I'm pretty sure that that is
> what causes the keyfile to end up with "wrong" permissions. It is
> group writable and SSH doesn't like that.
>
> I think the RH group system is quite clever. It allows teams to setup
> directories that the team can write to very easily. But it does cause
> problems with SSH. So, who is at fault?
RedHat. ssh-keygen should be modified to generate proper keys or ssh
should be modified to accept the ssh-keygen'ed keys. The most correct
way would be to mod keygen and a more restrictive perm setting on the
keys and directory are not an issue for ssh.
Hmm. The more I think about it, it's a bug in keygen. If the default
form produces keys/directory with 660 perms, that is just plain wrong.
keygen is supposed to be a support tool for ssh so it should function
properly.
>
> Michael
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Ale
mailing list