Recipe 17.13. Setting File Permissions on ssh Files
17.13.1 Problem
You want to be sure that your SSH files and
keys have the correct, most secure permissions.
17.13.2 Solution
For user accounts in ~/.ssh, use the following
permissions:
- ~/.ssh: mode 700
- ~/.ssh/id_dsa and other private keys: mode 400
- ~/.ssh/id_dsa.pub and other public keys: mode 644
- ~/.ssh/ssh_config: mode 644
- ~/.ssh/known_hosts: mode 644
- ~/.ssh/authorized_keys: mode 644
Files in /etc/ssh should have these permissions:
- /etc/ssh: mode 755
- /etc/ssh/sshd_config: mode 644
- /etc/ssh/ssh_config: mode 644
- /etc/ssh/ssh_host_dsa_key and other private keys: mode 400
- /etc/ssh/ssh_host_dsa_key.pub and other public keys: mode 644
- /etc/ssh/moduli: mode 644
17.13.3 Discussion
File permissions and ownership are fundamental security tools in
Linux, so it's important to be careful and make sure
to get them right. Again, beware of text editors that create
automatic backup copies, and be careful when you delete files. If
they sit in the Trash, they can easily be retrieved.
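One way to check a user's ~/.ssh directory against the modes listed in the Solution, as an added example that is not part of the original recipe. The function names are hypothetical, and the script assumes private keys are named id_* (as with the recipe's id_dsa); files it does not recognize are skipped.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the modes in this recipe.
# file_mode, expected_mode and audit_ssh_dir are hypothetical helper names.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Map a file name to the mode the recipe lists; empty output means "not listed".
# *.pub is matched first so id_dsa.pub is treated as a public key.
expected_mode() {
    case "$(basename "$1")" in
        *.pub|ssh_config|known_hosts|authorized_keys) echo 644 ;;
        id_*) echo 400 ;;   # assumption: private keys follow the id_* naming
        *) echo "" ;;
    esac
}

# Report the directory and every listed file whose mode differs from the
# recipe. Returns 0 when everything matches, 1 when there is any mismatch.
audit_ssh_dir() {
    dir=$1
    bad=0
    mode=$(file_mode "$dir")
    if [ "$mode" != 700 ]; then
        echo "MISMATCH $dir: mode $mode, expected 700"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        want=$(expected_mode "$f")
        [ -n "$want" ] || continue
        mode=$(file_mode "$f")
        if [ "$mode" != "$want" ]; then
            echo "MISMATCH $f: mode $mode, expected $want"
            bad=1
        fi
    done
    return $bad
}

# Usage: sh audit_ssh.sh ~/.ssh
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Correct any reported file with chmod and the mode shown, for example chmod 400 ~/.ssh/id_dsa.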
17.13.4 See Also