-   Linux - Security (
-   -   Security of ~/.ssh ?? for client end ? (

michael_util 02-09-2005 05:44 PM

Security of ~/.ssh ?? for client end ?

I have setup ssh using RSA keys and provided users with a menu based system to log into remote servers as specific users.

So they SSH into a secure box running LIDS and using pdmenu get a menu system and can ssh into different servers on the network. The menu is started by running sudo -u username menuscript.

That box seems very secure, all the apps are sandboxed using LIDS and no one has command line access.

Do I have to concern my self with the ~/.ssh directories of the servers users will be connect to from this box ? Right now there is a authorized_keys file in which is chmod 600 and the .ssh is chmod 700. But the user they log in as can still read that file.

Can I make it so only root can read that file but logins still work ?



Matir 02-09-2005 08:40 PM

Well, you COULD make the "ssh" executable setuid root, but I'm not sure if that's too secure either. It's the only thing I can think of.

All times are GMT -5. The time now is 12:31 AM.