how to have ssh not disable local security policy?

L. A. Walsh openssh at tlinx.org
Thu Jun 4 07:10:30 AEST 2015


It seems something changed (maybe I'm missing a patch)
to turn off this message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0650 for '/root/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

It isn't.  The other permissions are controlled by the rightmost
digit, which is 0.  Each user -- including root -- is
in their own group, so allowing group access to
be the same as user access is policy.

By forcing this protection on my setup, I can't
have the same home directory for my local and domain
users even though they are the same on the server.

But on the win-machine with home mounted directories,
it messes things up and people have to come up with
insecure work-arounds.  Group permissions != "others".

I did set the strictmodes to 'no', in the sshd_config
file... but I don't see a similar parameter in the
ssh file.  Am I missing something?

Thanks!
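
Added example, not part of the original message and not OpenSSH's own code: a Python sketch of the permission test behind the warning quoted above, assuming the client ignores a key file owned by the invoking user when any bit in the 077 mask (group or other) is set. The function names and the temporary files are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: the client-side test is "file owned by me AND (mode & 077) != 0",
# so group bits count as well as the rightmost ("other") digit.
GROUP_OTHER_MASK = 0o077

BIT_NAMES = [
    (stat.S_IRGRP, "group-read"), (stat.S_IWGRP, "group-write"),
    (stat.S_IXGRP, "group-execute"), (stat.S_IROTH, "other-read"),
    (stat.S_IWOTH, "other-write"), (stat.S_IXOTH, "other-execute"),
]

def offending_bits(mode):
    """Name every group/other permission bit set in mode."""
    return [name for bit, name in BIT_NAMES if mode & GROUP_OTHER_MASK & bit]

def check_key_file(path, uid=None):
    """Report whether a private key file would be ignored under the assumed test."""
    st = os.stat(path)
    uid = os.getuid() if uid is None else uid
    mode = stat.S_IMODE(st.st_mode)
    # The test only applies to files owned by the user running the client.
    bits = offending_bits(mode) if st.st_uid == uid else []
    return {
        "path": path,
        "mode": "0%03o" % (mode & 0o777),   # same format as the warning text
        "ignored": bool(bits),
        "bits": bits,
    }

def demo():
    """Create constructed placeholder files with several modes and check each."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for m in (0o650, 0o600, 0o640, 0o604):
            p = os.path.join(d, "key_%03o" % m)
            with open(p, "w") as f:
                f.write("constructed placeholder, not a real key\n")
            os.chmod(p, m)
            results[m] = check_key_file(p)
    return results

if __name__ == "__main__":
    for m, r in demo().items():
        verdict = "ignored (%s)" % ", ".join(r["bits"]) if r["ignored"] else "accepted"
        print("Permissions %s: %s" % (r["mode"], verdict))
```

Under this assumption, mode 0650 is flagged because of the middle digit (group read and execute), even though the rightmost digit is 0.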



More information about the openssh-unix-dev mailing list