On Tuesday, 06.02.2007 at 11:20 -0800, Kevin Ross wrote:

> Ssh: ssh runs as root, removing world access is probably fine. Although don't forget that /etc/ssh includes ssh_config, which is a default *client* host-wide configuration file, which might be used by all local ssh client invocations. I guess ssh will run even without access to this file, but still ...

I think you're approaching this incorrectly. Generally speaking, all Debian packages have been carefully prepared so that files which are left around the system are unreadable to all users if this would constitute a security risk: /etc/ssh is a good example. Note that the public parts of the SSH host keys are readable to all and that the private portions are only readable by root. Much thought has gone into this. Generally speaking, you don't need to change these settings.

My advice? Go ahead and restrict permissions under /etc if you insist, but don't be surprised to find stuff suddenly failing to work!

Cheers,

Dave.

--
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
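Added example, not part of the original message or of any Debian package: a shell check for the /etc/ssh layout described above (private host keys closed to group and other; public host keys and ssh_config readable by all users). The function names and the sample directory are constructed for illustration, and the script assumes a `stat` that accepts `-c '%a'`.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes stat -c '%a'
# (GNU coreutils or busybox). Checks file modes only, not ownership.

# audit_ssh_dir [DIR]: print one finding per line; return 1 if any.
audit_ssh_dir() {
    dir=${1:-/etc/ssh}
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        raw=$(stat -L -c '%a' "$f") || continue
        mode=$(printf '%04o' "0$raw")   # pad, so mode 0 becomes 0000
        go=${mode#"${mode%??}"}         # last two digits: group, other
        case ${f##*/} in
            ssh_host_*_key)
                # Private host key: nothing for group or other.
                if [ "$go" != "00" ]; then
                    echo "TOO-OPEN   $mode $f"
                    bad=1
                fi ;;
            ssh_host_*_key.pub|ssh_config)
                # Public key and client defaults: all users need read.
                case ${go#?} in
                    4|5|6|7) ;;
                    *) echo "TOO-STRICT $mode $f"; bad=1 ;;
                esac ;;
        esac
    done
    return "$bad"
}

# Constructed sample directory: a private key left group-readable and
# an ssh_config with world read removed; the other files are correct.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/ssh_host_rsa_key";     chmod 640 "$d/ssh_host_rsa_key"
    : > "$d/ssh_host_rsa_key.pub"; chmod 644 "$d/ssh_host_rsa_key.pub"
    : > "$d/ssh_config";           chmod 640 "$d/ssh_config"
    : > "$d/sshd_config";          chmod 600 "$d/sshd_config"
    echo "$d"
}

# Audit a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```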