Shell Programming and Scripting

i am logged in with "user1" on host1.

I m trying to ssh to host2 using user id "user2"

Code:

[user1@host1 apache]$ ssh user2@host2
Bad owner or permissions on /home/user1/.ssh/config

Question 1: Can you please tell me why am i getting the Bad owner permissions error on that directory ?

Question 2: Where is it looking for the "Bad owner or permissions on /home/user1/.ssh/config" on host1 or host2 ?

Note: I do not have root privileges.

Regards,

It is for host1. Try executing below command helps,

Code:

chmod 600 /home/user1/.ssh/config

I tried 775 and it still have the same error. Do you still want me to give permission 600 ? If yes, why? Can you make me understand why 600 and not 775 would help?

I think it is due to, too open permissions. With

Code:

 chmod 600

giving permission to root only here . Similarly you have to give permission to correct user if user1 is not root. ( I see that now )

reading (and understanding) man ssh occasionally helps:

You need to keep the files owned by the specific user and private. It's not a "I can't read it" but really an "other people can read it" complaint. By design, ssh want to keep things secure so only the specific user is allowed to see the file.

Check that everything including ~/.ssh and below are owned by user1 and are access to the owner only, so permissions 700 for the directory and 600 for the files.



Robin

Precisely because of that.

In fact, you can do whatever you want, but the error won't go away otherwise.

As you have been told: because the man page says so. But there is a deeper reason: ssh (and the underlying OpenSSL library) are built by people trying to achieve a certain goal and this goal is: security. If you do something which would compromise this goal ssh/OpenSSL will try to stop you from doing that - in this case by issuing an error.

If you make the directory where (supposedly) your private keys are stored readable and searchable for a whole group ("775" means everybody can read there and members of your group can even write there) who, do you think, will stop members of your group to just change your private keys to some arbitrary value if they feel like it. (If you think "trust" is a good concept in IT security: just connect your main server to the internet and post the root password to Facebook - we'll see what happens and how fast.)

I have said it already and i wll say it again: the UNIX way in general is not turning off what is an absolute obstacle but turning on only what one really needs.

If you need only filemode 600 why whould you even want to set 775 in first place, even if it would work? Apart from your unwillingness to consult man pages, reluctance to come to an understanding of concepts and resistance to take advice by heart - you seriously need to work on your "work ethics" too: more doesn't always help more (in fact sometimes it helps less) and for the same reason filemode 777 is not the fix for everything.

I hope this helps.

bakunin