[Watford] SSH Questions
Yvan Seth
watford.lug.org.uk at malignity.net
Tue Sep 16 20:44:13 UTC 2008
On Tue, Sep 16, 2008 at 09:27:49PM +0100, Magnus Kelly wrote:
> but is it not possible to limit file permissions to make the .ssh
> directories read only to all but root? Or does ssh insist on having
> write access?
>
> Might be a silly question, but I had always thought this was one of
> the inherent benefits of unix?
Yes, it is possible to lock down users' $HOME/.ssh directories, and
doing this is one way you could lock them to only pre-approved SSH
public keys. The problem is that they have full control of the private
key, which is outside of your system. If you give them a key with a
passphrase, they can remove it at their end and there is no way for an
ssh server to know that this has happened (passphrases are entirely
handled at the ssh-client end.)
-Yvan
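
One way to check the lockdown described in this reply, as an added example that is not part of the original post: it reports whether an account can still modify its `.ssh` directory or `authorized_keys`, and it also checks the home directory, because a user who can write to the parent can rename a root-owned `.ssh` and create a new one. The function names and the home/uid arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit whether a user can alter their own authorized_keys.
# HOME_DIR (the user's home) and USER_UID (numeric uid) are illustrative
# arguments, not names from the original post.

# path_is_locked PATH USER_UID
# Returns 0 only if USER_UID does not own PATH and PATH has no group/other
# write bit. Ownership alone fails the check: an owner can chmod a
# read-only file back to writable.
path_is_locked() {
    p=$1; uid=$2
    [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
    # ls -ldn prints: mode links uid gid size date name
    set -- $(ls -ldn -- "$p")
    mode=$1; owner=$3
    if [ "$owner" = "$uid" ]; then
        echo "OWNED    $p (uid $uid owns it and can chmod it)"
        return 1
    fi
    case $mode in
        ?????w*|????????w*)   # 6th char = group write, 9th = other write
            echo "WRITABLE $p ($mode has group/other write)"
            return 1 ;;
    esac
    echo "ok       $p ($mode, owner uid $owner)"
}

# ssh_lock_audit HOME_DIR USER_UID
# Checks the home directory, .ssh and authorized_keys; returns 0 only if
# all three are out of the user's control.
ssh_lock_audit() {
    home=$1; user_uid=$2; rc=0
    for target in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        path_is_locked "$target" "$user_uid" || rc=1
    done
    return $rc
}

# Stand-alone use: sh audit.sh /home/alice 1001
if [ "$#" -eq 2 ]; then
    ssh_lock_audit "$1" "$2"
fi
```

This only covers the server-side key list; as the reply says, whether the private key still has a passphrase is not something the server can check.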