>
> On Thu, Nov 07, 2002 at 06:54:48PM -0500, Harig, Mark A. wrote:
> > I must be missing a piece of information. Setting the
> > permissions of ~/.ssh to 700 causes ssh to require me
> > to enter a password, that is, the encryption-key processing
> > is failing. Setting the permissions of ~/.ssh to 750 (if
> > the group setting is SYSTEM) or to 755 (if the group setting
> > is not SYSTEM) allows ssh to access the encryption-key files.
>
> Are you actually sure? The permissions of directories don't influence
> the permissions to the underlying files and directories unless an
> administrator changes the setting of the above "Bypass
> traverse checking"
> user right. Just to be sure I did check that yesterday on my
> system so
> I'm pretty confident.
>
> "Bypass traverse checking" is on by default for Everyone. This is
> annoyingly different from UNIX file systems from my point of view
> but AFAIK professional Windows admins like it. And since it's the
> default and most users don't know what it's doing anyway, I don't
> change it on my test system, too.
>
Hmm. I'm sorry to be so dense, but:
1) I had never heard of "Bypass traverse checking" so I'm
pretty sure that I haven't changed it.
2) Am I sure that I cannot use ~/.ssh if the mode is set to 700?
Changing the permissions for ~/.ssh to 750 or 755 has been
the solution for me and for a number of other users that
I've suggested it to. Are we all doing something wrong? (a
possibility, of course)
The following script sets everything up for me (of course,
I respond to the ssh-keygen prompts):
#!/bin/bash
umask 0022 && \
chmod 700 ~ && \
mv ~/.ssh ~/save.ssh && \
ssh-keygen -t rsa -C "some useful comment" -f ~/.ssh/id_rsa && \
cat ~/.ssh/id_rsa >> ~/.ssh/authorized_keys2
This causes ssh-keygen to create ~/.ssh with whatever permissions
it thinks are correct (i.e., 700). (I'm running sshd on Win2K
using
NTFS, Cygwin DLL 1.3.15, CYGWIN=ntsec, StrictMode=yes,
UsePrivilegeSeparation=yes) After this script completes, I attempt
to connect to my ssh server from the machine that is running the
server.
I can connect, but only if I provide my password. Conversely, if
I set the permissions of ~/.ssh to 755, then I can connect without
providing my password.
Am I doing something wrong, or assuming something that is false?
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
