Security of ~/.ssh ?? for client end ?
Hello,
I have set up ssh using RSA keys and provided users with a menu-based system to log into remote servers as specific users. So they SSH into a secure box running LIDS and, using pdmenu, get a menu system and can ssh into different servers on the network. The menu is started by running sudo -u username menuscript. That box seems very secure, all the apps are sandboxed using LIDS and no one has command line access. Do I have to concern myself with the ~/.ssh directories of the servers users will be connecting to from this box? Right now there is an authorized_keys file in it which is chmod 600 and the .ssh is chmod 700. But the user they log in as can still read that file. Can I make it so only root can read that file but logins still work? Thanks. Michael.
Well, you COULD make the "ssh" executable setuid root, but I'm not sure if that's too secure either. It's the only thing I can think of.
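An added example, not part of either post above: a small audit of the layout the question describes (.ssh at 700, authorized_keys at 600), to run on each target server account. The function name `check_ssh_perms` and its output format are assumptions made for this example.

```shell
# check_ssh_perms DIR [UID]
# Prints one finding per line; returns 0 when DIR and DIR/authorized_keys
# are real files, owned by UID (default: current user) or root, with no
# group/other permission bits set. This matches the 700/600 modes in the
# post and is stricter than sshd's StrictModes, which only rejects
# group- or world-writable paths.
check_ssh_perms() {
    dir=$1
    want_uid=${2:-$(id -u)}
    rc=0
    for path in "$dir" "$dir/authorized_keys"; do
        if [ -L "$path" ]; then
            # A symlink could point the key file somewhere unexpected.
            echo "SYMLINK $path"; rc=1; continue
        fi
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        # "ls -ldn" prints e.g. "drwx------ 2 1000 1000 ..."
        mode=$(ls -ldn "$path" | cut -c1-10)
        uid=$(ls -ldn "$path" | awk '{print $3}')
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
            echo "LOOSE $mode $path"; rc=1
        fi
        if [ "$uid" != "$want_uid" ] && [ "$uid" != "0" ]; then
            echo "OWNER $uid $path"; rc=1
        fi
    done
    return $rc
}
```

For example, `check_ssh_perms "$HOME/.ssh"` as the login user, or `check_ssh_perms /home/alice/.ssh 1001` as root, where the path and uid are placeholders.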