This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Question about cygwin sshd and StrictModes

From: Larry Hall <cygwin-lh at cygwin dot com>
To: ehud at unix dot mvs dot co dot il, mberney at polyserve dot com
Cc: cygwin at cygwin dot com
Date: Wed, 10 Dec 2003 16:05:44 -0500
Subject: Re: Question about cygwin sshd and StrictModes
References: <C75BC7A96CFE2C44B38C639E4362739E018A29A1@postman.ms.polyserve.com><200312101900.hBAJ0Uki015582@beta.mvs.co.il>
Reply-to: Cygwin List <cygwin at cygwin dot com>

At 02:00 PM 12/10/2003, Ehud Karni you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, 10 Dec 2003 09:17:23 -0800, Matt Berney <xxx@xxx.xxx> wrote:
>>
>> Thanks for the no-help.  I have already read all relevant
>> documentation that I could find.  That is the reason for
>> posting a message to the group.  In the future, if you wish
>> to be helpful, please offer more than RTFM.
>
>I don't exactly know what Larry meant, but if you read the "Fucking"
>manual as you claim, you either missed or misunderstood the following
>(from the man pages of sshd_config(5) ):
>
>  StrictModes
>    Specifies whether sshd should check file modes and ownership of
>    the user's files and home directory before accepting login.  This
>                        ^^^^^^
>    is normally desirable because novices sometimes accidentally
>    leave their directory or files world-writable.  The default is
>    ``yes''.
>
>Which is in plain English: check the permissions of your Home (~/)
>and your ssh (~/.ssh) directories. Your home directory must NOT be
>writable by others (not even from your group) and the ~/.ssh should
>not be readable by others (because you may have your private keys
>there).
>
>Ehud.


Colorful language aside, I think Ehud brings up a good point.  While 
this is a port of openssh to Cygwin, all the regular documentation for 
openssh is valid and should be consulted when investigating an issue.
These guidelines are valid across all platforms.  In this case, the 
prose from the man-page that Ehud quotes seems quite relevant and his
suggestion very sound.

Ehud, you should be careful about replying to the list if your
reply would expose somebody's email address in the body of a message.  
You'll note I've obscured Matt's email address that came from your reply.



--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- file permissions issues on creation with cygwin 1.5.5-1?
  - From: Steven Hartland

References:
- RE: Question about cygwin sshd and StrictModes
  - From: Matt Berney
- Re: Question about cygwin sshd and StrictModes
  - From: Ehud Karni

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]