Date: Mon, 10 Sep 2001 10:15:00 -0700 (PDT) From: David Kirchner <davidk@accretivetg.com> To: David Taylor <davidt@yadt.co.uk> Cc: Adam Laurie <adam@algroup.co.uk>, <Freebsd-security@FreeBSD.ORG> Subject: Re: allow selective RSA AUTH in sshd setup? Message-ID: <20010910101420.W85958-100000@localhost> In-Reply-To: <20010910191552.A61465@gattaca.yadt.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 10 Sep 2001, David Taylor wrote:
> Easy enough
>
> # mkdir ~user/.ssh
> # touch ~user/.ssh/{authorized_keys,config,random,etc,etc,etc}
> # chown root:usersprivategroup ~user/.ssh
> # chmod 750 ~user/.ssh
> # chown user:usersprivategroup ~user/.ssh/*
> # chmod 640 ~user/.ssh/*
> # chown root:usersprivategroup ~user/.ssh/authorized_keys
>
> SSH even seems happy to have a root-owned authorized_keys file...
And then chflags schg .ssh so the user can't rename and re-create the .ssh
directory.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010910101420.W85958-100000>