Gil is correct.  Even though you aren't using keys, OpenSSH will try to
cache a prng in .ssh, so it should be 700.

Best to stay with these recommendations for file permissions:
  http://dovetail.com/docs/sftp/sftp-webinar.pdf  slide 29  "Common
Pitfalls"

Kirk Wolf
Dovetailed Technologies
http://dovetail.com

On Tue, Nov 30, 2010 at 4:09 PM, Paul Gilmartin <[email protected]> wrote:

> On Tue, 30 Nov 2010 16:32:48 -0500, Leonard Sasso wrote:
>
> >Does the production RACF id have an OMVS segment?  Yes
> >Does it have a HOME subdirectory?  Yes
> >Is there a .ssh subdirectory in the $HOME for this user?  Yes
> >Is the UNIX filemode for .ssh subdirectory set to 700 or 600?  Set to 770
> >Are the files in the .ssh subdirectory all set to filemode 600?  Set to
> >600 or 644 or 777
> >Is .ssh and all its files owned by the production RACF id?  Yes
> >
> Those might be too permissive.  "For your protection" some
> variants of SSL/SSH prohibit that any files in ~/.ssh, and
> any directories in its path, be group writeable.  Stay with
> 700 for directories and 600 for basefiles.
>
> -- gil
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>
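
The 700/600 recommendation from this thread as a runnable check. This is an added example, not code from either poster or from Dovetailed Technologies. The function names `mode_string` and `audit_ssh_dir` are hypothetical, modes are read from `ls -ld`, only the home directory and `.ssh` are examined (not every directory above them), and ownership is not checked.

```shell
#!/bin/sh
# Added example: audit a home directory's .ssh against "700 for
# directories, 600 for files". Function names are hypothetical.

# mode_string PATH -> 10-character mode field from ls -ld, e.g. drwx------
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# audit_ssh_dir HOME_DIR -> one finding per line; returns 0 if clean, 1 if not
audit_ssh_dir() {
    home=$1
    ssh_dir=$home/.ssh
    findings=0

    [ -d "$ssh_dir" ] || { echo "MISSING $ssh_dir"; return 1; }

    # Group- or world-writable directories on the way to the files
    # (character 6 is group write, character 9 is other write).
    for d in "$home" "$ssh_dir"; do
        m=$(mode_string "$d")
        case $m in
            ?????w????|????????w?) echo "WRITABLE_DIR $m $d"; findings=1 ;;
        esac
    done

    # .ssh itself should be exactly 700.
    m=$(mode_string "$ssh_dir")
    [ "$m" = "drwx------" ] || { echo "DIR_NOT_700 $m $ssh_dir"; findings=1; }

    # Every regular file in .ssh, dotfiles included, should be exactly 600.
    for f in "$ssh_dir"/* "$ssh_dir"/.[!.]*; do
        [ -f "$f" ] || continue
        m=$(mode_string "$f")
        [ "$m" = "-rw-------" ] || { echo "FILE_NOT_600 $m $f"; findings=1; }
    done

    return $findings
}

# Run against a directory given on the command line, e.g.: sh audit.sh "$HOME"
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

With the modes reported in the quoted checklist (770 on `.ssh`, files at 644 or 777), this prints a `WRITABLE_DIR` and a `DIR_NOT_700` line for the directory and a `FILE_NOT_600` line for each file that is not 600.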
