jdow wrote: > Directory /etc/ssh - should be drwxr-xr-x. The world must have the > rights to read and enter the directory but not write to it. > > Most of the files should be -rw-------. Only root can read or write > them. None should have x permission. And ssh_config and the .pub > files should be -rw-r--r--. > > Nobody but root should be able to write to that directory under any > circumstance or your system is open to exploitation. > > Each user ~/.ssh directory should be drwxr-xr-x. Each file should be > -rw-r--r--. (This is probably wrong. The directory probably should be > drwx------ and the files should be -rw-------. But under RedHat and > Fedora home directories are drwx------, so people who do not belong > can't get to the directory in the first place. Yes, your second statement is "more" correct. The ~/.ssh directory should be drwx------. While, as you point out, it won't make a difference in cases where one doesn't alter the defaults of user creation. In cases where you assign groups or add users to various groups it could become a factor. So as not to tax ones memory I feel it is good practice to advise drwx------.
Description: OpenPGP digital signature