
Recipe 17.13. Setting File Permissions on ssh Files

17.13.1 Problem

You want to be sure that your SSH files and keys have the correct, most secure permissions.

17.13.2 Solution

For user accounts in ~/.ssh, use the following permissions:

~/.ssh                                    mode 700
~/.ssh/id_dsa and other private keys      mode 400
~/.ssh/id_dsa.pub and other public keys   mode 644
~/.ssh/ssh_config                         mode 644
~/.ssh/known_hosts                        mode 644
~/.ssh/authorized_keys                    mode 644


Files in /etc/ssh should have these permissions:

/etc/ssh                                                mode 755
/etc/ssh/sshd_config                                    mode 644
/etc/ssh/ssh_config                                     mode 644
/etc/ssh/ssh_host_dsa_key and other private keys        mode 400
/etc/ssh/ssh_host_dsa_key.pub and other public keys     mode 644
/etc/ssh/moduli                                         mode 644
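The per-user list above can be checked mechanically. The following is an added example, not code from the original recipe: audit_ssh_dir reports any entry in a directory such as ~/.ssh that grants permission bits beyond the mode listed for it (stricter modes pass). The function names, the header-line test for private keys, and the sample files built by make_sample are assumptions made for illustration, and it relies on GNU stat.

```sh
#!/bin/sh
# Added example: audit a per-user SSH directory against the recipe's modes.
# Assumes GNU coreutils stat (stat -c '%a'), as shipped on Linux.

# expected_mode FILE -> prints the recipe's mode for FILE, or nothing if
# the recipe does not cover it.
expected_mode() {
    case "$(basename "$1")" in
        *.pub|ssh_config|known_hosts|authorized_keys) echo 644; return ;;
    esac
    # "Other private keys": recognised here by their header line.
    if head -n 1 "$1" 2>/dev/null | grep -q 'PRIVATE KEY'; then echo 400; fi
}

# audit_ssh_dir DIR -> prints one line per entry that grants permission bits
# beyond the recipe's mode; returns 0 if none do, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    bad=0
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        if [ "$f" = "$dir" ]; then want=700
        elif [ -d "$f" ]; then continue
        else want=$(expected_mode "$f")
        fi
        [ -n "$want" ] || continue
        have=$(stat -c '%a' "$f")
        # Bits set in the actual mode but absent from the recommended one.
        extra=$(( 0$have & ~0$want ))
        if [ "$extra" -ne 0 ]; then
            printf '%s: mode %s, recipe says %s\n' "$f" "$have" "$want"
            bad=1
        fi
    done
    return "$bad"
}

# make_sample DIR -> constructed ~/.ssh look-alike containing two mistakes.
make_sample() {
    mkdir -p "$1" && chmod 700 "$1"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$1/id_dsa"
    printf 'ssh-dss CONSTRUCTED user@example\n' > "$1/id_dsa.pub"
    : > "$1/authorized_keys"
    chmod 644 "$1/id_dsa" "$1/id_dsa.pub"   # mistake: private key is readable by all
    chmod 666 "$1/authorized_keys"          # mistake: writable by all
}
```

After sourcing the file, run audit_ssh_dir "$HOME/.ssh" to check a real account.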


17.13.3 Discussion

File permissions and ownership are fundamental security tools in Linux, so it's important to be careful and make sure to get them right. Again, beware of text editors that create automatic backup copies, and be careful when you delete files. If they sit in the Trash, they can easily be retrieved.

17.13.4 See Also

  • ssh(1), sshd(8)

  • SSH, The Secure Shell: The Definitive Guide
