Documentation error: wrong permissions given in FAQ

Nico Kadel-Garcia nkadel at gmail.com
Wed Aug 7 23:14:33 EST 2013


I'd frankly urge 0600 as a best practice. No one else needs casual read access to those public keys, especially when most such keys contain local usernames and hostnames in the "comments" segment.

Nico Kadel-Garcia
Email: nkadel at gmail.com
Sent from iPhone

On Aug 7, 2013, at 2:16, Joe Carroll <joe.carroll at sihti.fi> wrote:

> Hi,
> 
> I discovered yesterday that the instructions given at http://www.openssh.org/faq.html#3.14 regarding the correct permissions for the authorized_keys file mistakenly recommend chmod'ing the file to 600 when it should be 644. The requirement for public key authentication to work is in fact that ~/.ssh/authorized_keys is readable (but not writable) by group and other, not just owner. Someone should probably update the project's official FAQ accordingly to avoid future confusion. Unfortunately, I did not realise the error in this documentation before it caused me a great deal of frustration configuring chrooted key-only access to our server (Ubuntu 12.04 LTS).
> 
> Ystävällisin terveisin / Best regards,
> Joe Carroll
> IT-päällikkö / IT Manager
> joe at sihti.fi
> +358 50 444 4466
> http://fi.linkedin.com/in/thejoecarroll
> 
> Rekrytointipalvelu Sihti Oy
> Tampellan esplanadi 2, 2. krs
> 33100 TAMPERE
> https://www.sihti.fi/
> p. 010 320 6500
> Fax  010 320 6508
> 
> - If you want to hit the mark, take Sihti! -
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
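
An added example, not part of either message and not OpenSSH code: a small audit that approximates what sshd enforces under StrictModes (the key file and each directory up to the home directory must be owned by the user or root and must not be group- or other-writable) and separately reports the key comments that a group- or other-readable file exposes to local users. The function names, the sample key line and the assumption that no key options precede the key type are constructed for illustration.

```python
import os
import stat
import tempfile

def strictmodes_findings(path, home, uid):
    """Ownership/write checks on the key file and each directory up to home."""
    findings = []
    current, home = os.path.realpath(path), os.path.realpath(home)
    while True:
        st = os.stat(current)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (0, uid):
            findings.append(f"{current}: owned by uid {st.st_uid}")
        if mode & 0o022:
            findings.append(f"{current}: mode {mode:04o} is group/other writable")
        parent = os.path.dirname(current)
        if current == home or parent == current:
            return findings
        current = parent

def exposed_comments(path):
    """Key comments visible to other local users, or [] if the file is private."""
    if not stat.S_IMODE(os.stat(path).st_mode) & 0o044:
        return []
    comments = []
    with open(path) as fh:
        for line in fh:
            fields = line.split()
            # Simplification (assumption): no key options precede the key type.
            if len(fields) >= 3 and not line.startswith("#"):
                comments.append(" ".join(fields[2:]))
    return comments

def demo(mode):
    """Build a throwaway home with a constructed key line and audit it."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir, 0o700)
        keyfile = os.path.join(ssh_dir, "authorized_keys")
        with open(keyfile, "w") as fh:
            # Constructed sample entry; the key blob is a placeholder.
            fh.write("ssh-ed25519 AAAAC3PLACEHOLDER alice@build-host\n")
        os.chmod(keyfile, mode)
        return strictmodes_findings(keyfile, home, os.getuid()), exposed_comments(keyfile)

if __name__ == "__main__":
    for mode in (0o600, 0o644, 0o664):
        print(f"{mode:04o}", *demo(mode))
```

Under this check both 0600 and 0644 produce no findings and 0664 is flagged; only the 0600 file keeps the `user@host` comment out of other users' view.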

