SSH key login: a file permission problem

Author: 蟹蟹宁 | Published 2021-11-29 10:59

    Background

    I thought I was already thoroughly practised at logging into servers with ssh key pairs, and yet I still managed to trip over it...

    Yesterday I created a new user on the server, only to find that no matter what I tried, that user could not log in!

    Outcome

    This morning I thought of this blot on my record again, looked it up, and confirmed that it was indeed a file permission problem: the permissions must be set as follows before login works.

    As for why I had forgotten this setting: yes, I do now recall that when I first started using key login I had to configure the file permissions. The reason is that recently I have mostly been running with the default permissions, and they have caused no problems, as in the figure below.

    Perhaps a difference between versions?

    Investigation

    At this point, if you want an accurate answer quickly, go and look through the Linux ssh manual page[1]:

    Summary

    On a site outside China I found a summary table that someone compiled of the commonly used configuration files[2]:

    +------------------------+-------------------------------------+-------------+-------------+
    | Directory or File      | Man Page                            | Recommended | Mandatory   |
    |                        |                                     | Permissions | Permissions |
    +------------------------+-------------------------------------+-------------+-------------+
    | ~/.ssh/                | There is no general requirement to  | 700         |             |
    |                        | keep the entire contents of this    |             |             |
    |                        | directory secret, but the           |             |             |
    |                        | recommended permissions are         |             |             |
    |                        | read/write/execute for the user,    |             |             |
    |                        | and not accessible by others.       |             |             |
    +------------------------+-------------------------------------+-------------+-------------+
    | ~/.ssh/authorized_keys | This file is not highly sensitive,  | 600         |             |
    |                        | but the recommended permissions are |             |             |
    |                        | read/write for the user, and not    |             |             |
    |                        | accessible by others                |             |             |
    +------------------------+-------------------------------------+-------------+-------------+
    | ~/.ssh/config          | Because of the potential for abuse, |             | 600         |
    |                        | this file must have strict          |             |             |
    |                        | permissions: read/write for the     |             |             |
    |                        | user, and not accessible by others. |             |             |
    |                        | It may be group-writable provided   |             |             |
    |                        | that the group in question contains |             |             |
    |                        | only the user.                      |             |             |
    +------------------------+-------------------------------------+-------------+-------------+
    | ~/.ssh/identity        | These files contain sensitive data  |             | 600         |
    | ~/.ssh/id_dsa          | and should be readable by the user  |             |             |
    | ~/.ssh/id_rsa          | but not accessible by others        |             |             |
    |                        | (read/write/execute)                |             |             |
    +------------------------+-------------------------------------+-------------+-------------+
    | ~/.ssh/identity.pub    | Contains the public key for         | 644         |             |
    | ~/.ssh/id_dsa.pub      | authentication.  These files are    |             |             |
    | ~/.ssh/id_rsa.pub      | not sensitive and can (but need     |             |             |
    |                        | not) be readable by anyone.         |             |             |
    +------------------------+-------------------------------------+-------------+-------------+
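
As an added example (not the author's code, nor code from either reference), the following POSIX shell script audits a .ssh directory against the table above and can repair it. The script name and the `id_*` pattern are assumptions: the pattern extends the table's three private-key names to newer key types such as id_ed25519.

```shell
#!/bin/sh
# Added example, not code from the original post: audit a .ssh directory against
# the permission table above and optionally chmod it into compliance. Assumes a
# POSIX sh and a stat(1) that accepts either GNU "-c %a" or BSD "-f %Lp".

# Octal permission bits of a path, portable across GNU and BSD stat.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Mode the table prescribes for a name inside .ssh; empty if the table is silent.
# The id_* pattern is an assumption extending the id_rsa/id_dsa rows to newer
# key types such as id_ed25519; ".pub" is matched first so public keys escape it.
expected_mode() {
    case "$1" in
        .ssh)            echo 700 ;;  # recommended for the directory itself
        authorized_keys) echo 600 ;;  # recommended
        config)          echo 600 ;;  # mandatory per ssh(1)
        *.pub)           echo 644 ;;  # public keys may be world-readable
        identity|id_*)   echo 600 ;;  # private keys: mandatory, ssh ignores looser ones
        *)               echo "" ;;
    esac
}

# audit_ssh_dir DIR [FIX]: print one line per mismatch and return 1 if any was
# found. With FIX=1 each offending path is chmod'ed to the expected mode; the
# return value still reports that something was wrong before the repair.
audit_ssh_dir() {
    dir=$1; fix=${2:-0}; status=0
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue          # empty dir leaves the glob unexpanded
        if [ "$path" = "$dir" ]; then name=.ssh; else name=${path##*/}; fi
        want=$(expected_mode "$name")
        [ -n "$want" ] || continue          # e.g. known_hosts: not in the table
        have=$(mode_of "$path")
        [ "$have" = "$want" ] && continue
        echo "$path: mode $have, expected $want"
        status=1
        if [ "$fix" = 1 ]; then chmod "$want" "$path"; fi
    done
    return $status
}

# Usage: sh ssh_perm_audit.sh ~/.ssh [1]   (second argument 1 = repair)
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1" "${2:-0}" && echo "$1: all permissions match the table"
fi
```

Run it as the user who cannot log in, against that user's own .ssh directory, since sshd checks the files of the account being authenticated.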
    

    References

    1. OpenBSD manual page - ssh(1): https://man.openbsd.org/ssh
    2. Permissions on private key in .ssh folder? https://superuser.com/questions/215504/permissions-on-private-key-in-ssh-folder
