Security of ~/.ssh ?? for client end ?
I have setup ssh using RSA keys and provided users with a menu based system to log into remote servers as specific users.
So they SSH into a secure box running LIDS and using pdmenu get a menu system and can ssh into different servers on the network. The menu is started by running sudo -u username menuscript.
That box seems very secure, all the apps are sandboxed using LIDS and no one has command line access.
Do I have to concern my self with the ~/.ssh directories of the servers users will be connect to from this box ? Right now there is a authorized_keys file in which is chmod 600 and the .ssh is chmod 700. But the user they log in as can still read that file.
Can I make it so only root can read that file but logins still work ?
Well, you COULD make the "ssh" executable setuid root, but I'm not sure if that's too secure either. It's the only thing I can think of.
|All times are GMT -5. The time now is 12:41 PM.|