LinuxQuestions.org

sftp from Redhat linux to a window machine using public key authorization (https://www.linuxquestions.org/questions/linux-newbie-8/sftp-from-redhat-linux-to-a-window-machine-using-public-key-authorization-4175545523/)

hat1208 06-16-2015 02:06 PM

suicidaleggroll,

That's it!!!!!! Changed the owner and group of .ssh, ran the command and transferred the file with no user intervention. I don't understand how to put the output in the tags or I would. You have been a great help, thanks so much.

hat1208 06-16-2015 02:08 PM

I didn't know what I was expecting to happen either, but if root owns them nothing is going to access or change them. What do you mean by the reference to 750 on home directory?

suicidaleggroll 06-16-2015 02:18 PM

ssh complains when the permissions on .ssh/config are too lax because that file can't be trusted anymore. Somebody could maliciously add an entry in your config so that "server" pointed to a custom man-in-the-middle IP address, so the next time you ran "ssh server" it actually connected to their system instead of the one you expect, and they intercept your password.

All you accomplished by changing the owner to root was preventing anybody from being able to use the file or directory, including dp3. You might as well have just deleted the file, it would have accomplished the same thing.

Right now it looks like the permissions on your home directory are set to 777. That means ANYBODY who has access to your computer under any account can create, delete, or modify ANY FILE in dp3's home directory. There has to be SOME reason you did this (destroying the security of your user's home directory in the process). Whatever that reason is, it was wrong, there is a better way of doing whatever it is you were trying to do. So change your home directory's permissions back to 750, and I sure hope this is a single-user machine, otherwise everything in your home directory has been compromised.

hat1208 06-16-2015 02:55 PM

All users on our systems have an exec command in their profile that gives them access to the files and printers they need. Any interruption of that shell logs them out and they have no access to the command prompt. I and my boss are the only people that have command line access and I have executable scripts in the bin directory under /home/dp3/bin. Also these machines are behind a firewall and not accessible to the general public. I hope this all makes sense. I get the feeling that you have more administration experience than I.

suicidaleggroll 06-16-2015 04:41 PM

Still doesn't explain why you need 777 permissions on your home directory.

I'm not saying it's easy to break out of an exec like that, but there are a LOT of ways one could work around it, and I doubt you've thought of and blocked them all.

It's just not a good idea to use 777 permissions on any directory, especially not your home directory, unless there is absolutely nothing in there that you care about. If everybody needs access to the scripts in /home/dp3/bin, then they shouldn't be in /home/dp3/bin, they should be in /usr/local/bin or another similar location with global read-only access.
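
An added example, not part of the thread: a small audit for the two conditions discussed in the posts above, namely that the home directory and the files under .ssh are owned by the account itself and carry no group or world write bit. It is a policy check based on the thread's advice, not OpenSSH's own logic; it assumes GNU stat, and the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU stat, as on Red Hat Linux.

# Print one finding per problem for a single path; silent if the path is fine.
check_path() {
    p=$1 want_uid=$2
    [ -e "$p" ] || return 0                 # absent paths are not findings
    mode=$(stat -c '%a' "$p")               # octal mode, e.g. 777
    uid=$(stat -c '%u' "$p")                # numeric owner
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER $p is owned by uid $uid, expected uid $want_uid"
    fi
    # 022 = group-write | other-write: anyone in those classes can alter the path
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $p has mode $mode (group- or world-writable)"
    fi
}

# Audit the home directory, its .ssh directory, and every file inside .ssh.
audit_home() {
    home_dir=$1 want=$2
    check_path "$home_dir" "$want"
    check_path "$home_dir/.ssh" "$want"
    for f in "$home_dir"/.ssh/*; do
        check_path "$f" "$want"
    done
}

# Constructed demo tree reproducing the thread's state: 777 on the home directory.
demo() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    printf 'Host server\n  HostName 192.0.2.10\n' > "$d/.ssh/config"
    chmod 777 "$d" "$d/.ssh"; chmod 666 "$d/.ssh/config"
    echo "before:"; audit_home "$d" "$(id -u)"
    chmod 750 "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/config"
    echo "after:";  audit_home "$d" "$(id -u)"
    rm -rf "$d"
}
demo
```

On a real account the call would be `audit_home /home/dp3 "$(id -u dp3)"`; any output line is something to fix with chown or chmod.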

hat1208 06-17-2015 12:41 PM

Solved


All times are GMT -5.