Security Basics mailing list archives
Re: ssh key problem
From: Jon Hart <warchild () spoofed org>
Date: Fri, 7 Jan 2005 15:51:33 -0500
On Fri, Jan 07, 2005 at 04:12:41PM +0100, Thomas Reinhold wrote:
Hi everybody, I've got a little problem with my ssh authentication. I'm using RSA based key authentication when logging on to remote machines via open ssh (on Debian Sarge). Everything is working fine, but now after having put my keys on a usb-stick the ssh-client doesn't accept them anymore due to bad file permissions (not restrictive enough). I can change those permissions while the usb device is mounted, but after remounting they are set back to the old state. Is there any way to tell the ssh-client to ignore those file-permissions?
Those restrictions are there for a reason. Key based authentication in SSH requires that you have they key and know the passphrase to decrypt it -- something you have and something you know. If the permissions are world or group readable/writable, this form of authentication is no more secure than plain old username and password authentication because a malicious local user could possible gain access to the keyfile. Then all they'd have to do is obtain the passphrase. Suggestions? Don't try and circument this. Mount the USB device so that file permissions get applied correctly. If this is a windows-ish filesystem on the USB device, you'll probably have to force the permissions. `man mount` will tell you what options you need depending on what filesystem is on that key. -jon
Current thread:
- ssh key problem Thomas Reinhold (Jan 07)
- Re: ssh key problem Ansgar -59cobalt- Wiechers (Jan 07)
- Re: ssh key problem Thomas Reinhold (Jan 07)
- Re: ssh key problem Ansgar -59cobalt- Wiechers (Jan 07)
- Re: ssh key problem Thomas Reinhold (Jan 07)
- Re: ssh key problem Jon Hart (Jan 07)
- Re: ssh key problem Thomas Reinhold (Jan 10)
- Re: ssh key problem Ansgar -59cobalt- Wiechers (Jan 07)