sshd will refuse to accept public key authentication if the user's home directory is group-accessible, even if ~/.ssh is set to 700? If the permissions on ~/.ssh are acceptable, why do the permissions on ~ matter?
Ssh and home directory permissions
file-permissions permissions ssh
Best Answer
I guess the reason is that if your home directory is writable by someone else, then a malicious user can create ~/.ssh, add desired keys and then change permissions on it to 700. Even if you already have a ~/.ssh, it can simply be renamed to something else and a new one created.

However, on modern systems such a trick is usually not possible due to chown working only for the super-user; this has not always been the case:

Whether chmod behaves one way or another depends on libc compilation options, and for the sake of security the OpenSSH server is slightly paranoid.
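
An added example (not part of the original answer, and not OpenSSH's own code): a Python audit in the spirit of the check sshd applies under StrictModes, walking from authorized_keys up to the home directory and flagging any component that is not owned by the user or root, or that is group- or world-writable. The function names and the sample home directory are assumptions constructed for the example.

```python
import os
import stat
import tempfile

def audit_key_path(key_file, home, uid):
    """Return a list of problems on the path from key_file up to home.

    Every component must be owned by uid or root and must not be
    writable by group or others; a writable parent lets someone else
    rename or replace the directories below it.
    """
    problems = []
    path = os.path.realpath(key_file)
    home = os.path.realpath(home)
    if os.path.commonpath([path, home]) != home:
        return [f"{path}: not inside {home}"]
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world-writable")
        if path == home:
            break
        path = os.path.dirname(path)
    return problems

def demo():
    """Audit a constructed home directory with two different modes on ~."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "alice")  # constructed sample home
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-ed25519 AAAA...constructed alice@example\n")
        os.chmod(keys, 0o600)
        os.chmod(ssh_dir, 0o700)  # ~/.ssh itself is always acceptable here
        results = {}
        for mode in (0o755, 0o775):
            os.chmod(home, mode)
            results[mode] = audit_key_path(keys, home, os.getuid())
        os.chmod(home, 0o700)
        return results

if __name__ == "__main__":
    for mode, problems in demo().items():
        print(f"~ mode {mode:04o}:", problems or "ok")
```

With ~/.ssh fixed at 700 in both runs, only the mode on ~ changes the outcome, which is the situation the question asks about.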