Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH authentication



 On Thu, 3 Jan 2008 19:18:30 -0500 
Derek Martin <[hidden email]> wrote: 

> My second guess would be that the permissions of your home directory 
> itself have been changed to allow group or other to write there.  This 
> would allow someone to remove your .ssh directory and replace it with 
> a new copy with whatever authorized_keys file the attacker wants, so 
> by default it's not allowed.  You mentioned .ssh and authorized_keys 
> are secured, but didn't mention about your home directory. 

This is a possibility. I recently moved the /home directory tree to 
another server. But, I think the ssh issue occurred prior , but I had 
not considered my home directory permissions could be at fault. 
In any case, I'll check them in the Am. 
-- 
-- 
Jerry Feldman <[hidden email]> 
Boston Linux and Unix 
PGP key id: 537C5846 
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846 
_______________________________________________ 
Discuss mailing list 
[hidden email] 
http://lists.blu.org/mailman/listinfo/discuss
 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org