[Cialug] SSH Host Key Permissions
Nicolai
nicolai-cialug at chocolatine.org
Tue Mar 19 15:52:18 UTC 2019
On Tue, Mar 19, 2019 at 09:10:50AM -0400, Todd Walton wrote:

> I didn't generate those. I haven't touched them. So, that must be
> official, right? I can SSH to my workstation, so 0640 on the host keys
> must be okay. So I was generating ed25519 host keys yesterday by
> running this on a number of servers:

On my servers, all SSH host secret keys are 600, pubkeys are 640.

> if ! test -f /etc/ssh/ssh_host_ed25519_key; then ssh-keygen -f
> /etc/ssh/ssh_host_ed25519_key -t ed25519; fi

You should just do "ssh-keygen -A" on the servers. It will do the right
thing. Your operating system should actually do this for you.

Nicolai
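
An added example, not part of the original message: a small shell audit that applies the owner-only policy described in the reply above (private host keys readable by the owner only, public halves present and not writable by group or other). It assumes the stock ssh_host_<type>_key[.pub] naming; the function name is hypothetical and the sample files are constructed empty placeholders, not real keys. A system that deliberately ships group-readable host keys will be reported as a finding.

```shell
#!/bin/sh
# Added example: audit SSH host key file modes. Not from the original thread.
# Assumption: host keys follow the stock ssh_host_<type>_key[.pub] naming.

# Prints one line per finding; returns 0 if clean, 1 if anything was found.
audit_host_keys() {
    _dir="${1:-/etc/ssh}"
    _bad=0
    for _key in "$_dir"/ssh_host_*_key; do
        [ -e "$_key" ] || continue                 # glob matched nothing
        _mode=$(ls -ld "$_key" | cut -c1-10)       # e.g. -rw-------
        # Private half: any group/other bit set is a finding.
        case "$_mode" in
            ????------) ;;
            *) echo "PRIVATE $_key $_mode: accessible by group/other"; _bad=1 ;;
        esac
        # Public half: should exist and not be writable by group/other.
        if [ ! -e "$_key.pub" ]; then
            echo "MISSING $_key.pub"; _bad=1
            continue
        fi
        _mode=$(ls -ld "$_key.pub" | cut -c1-10)
        case "$_mode" in
            ?????w*|????????w*)
                echo "PUBLIC $_key.pub $_mode: writable by group/other"; _bad=1 ;;
        esac
    done
    return "$_bad"
}

# Constructed sample: empty placeholder files with the modes from the thread.
demo=$(mktemp -d)
touch "$demo/ssh_host_ed25519_key" "$demo/ssh_host_ed25519_key.pub" \
      "$demo/ssh_host_rsa_key" "$demo/ssh_host_rsa_key.pub"
chmod 600 "$demo/ssh_host_ed25519_key"
chmod 640 "$demo/ssh_host_rsa_key"          # the 0640 case from the question
chmod 640 "$demo/ssh_host_ed25519_key.pub" "$demo/ssh_host_rsa_key.pub"
audit_host_keys "$demo" || echo "findings present"
rm -rf "$demo"
```

Run as `audit_host_keys /etc/ssh` on a server; host key types that are missing entirely can be generated with the "ssh-keygen -A" command mentioned in the reply.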