How to Restart the service sshd in Fedora Linux System ?

jdow jdow at earthlink.net
Wed Dec 24 00:15:08 UTC 2008


Directory /etc/ssh - should be drwxr-xr-x. The world must have the
rights to read and enter the directory but not write to it.

Most of the files should be -rw-------. Only root can read or write
them. None should have x permission. And ssh_config and the .pub
files should be -rw-r--r--.

Nobody but root should be able to write to that directory under any
circumstance or your system is open to exploitation.

Each user's ~/.ssh directory should be drwxr-xr-x. Each file should be
-rw-r--r--. (This is probably wrong. The directory probably should be
drwx------ and the files should be -rw-------. But under RedHat and
Fedora home directories are drwx------, so people who do not belong
can't get to the directory in the first place.)

{^_^}
----- Original Message ----- 
From: "Rick Stevens" <ricks at nerd.com>
Sent: Tuesday, 2008, December 23 10:27


> Jyotishmaan Ray wrote:
>> Please tell me whose permissions should be 700, please name the files 
>> whose permissions I must set to 700, and also let me know if anything
>> else has to be done in order to execute the ssh command.
>
> My set up is as follows:
>
> The /etc/ssh directory is owned by root, group of root and has 755
> permissions (rwxrw-rw-).  The files IN /etc/ssh are all owned by
> root, group of root with 500 permissions (rw-------) EXCEPT ssh_config
> and any "*.pub" files.  Those have 544 permissions (rw-r--r--).
>
> In _your_ home directory, the .ssh directory is owned by you with your
> group and has 700 permissions (rwx------).  The files in it should
> be owned by you with your group and have 500 permissions (rw-------)
> except any "*.pub" files, which can have 544 permissions (rw-r--r--).
>
> Really, since the directory can only be read by you, all files could be
> 544 (rw-r--r--).  ssh really is worried about someone other than you
> writing to those files.
>
>> --- On Mon, 12/22/08, Aaron Konstam <akonstam at sbcglobal.net> wrote:
>> From: Aaron Konstam <akonstam at sbcglobal.net>
>> Subject: Re: How to Restart the service sshd in Fedora Linux System ?
>> To: jyotishmaan at yahoo.com, "Community assistance, encouragement, and 
>> advice for using Fedora." <fedora-list at redhat.com>
>> Date: Monday, December 22, 2008, 9:26 PM
>>
>> On Mon, 2008-12-22 at 05:06 -0800, Jyotishmaan Ray wrote:
>>> Dear All FEDORA Users,
>>>
>>> I am a newbie in fedora linux system as administrator.
>>>
>>> Please tell me one thing.
>>> In my fedora linux os server, I am not able to sshd service.
>>>
>>> The thing is that, once I had to change the permissions of the files
>>> just in order to avoid the other users to explore the system, using
>>> chmod command. However, I have immediately changed the permissions
>>> again back.
>>>
>>>
>>> Soon after that I could not log on to the fedora server system using
>>> the ssh  serverhostname username command.
>>>
>>> When tried to run sshd service using service sshd restart, I got the
>>> following errors shown below:-
>>>
>>>
>>> Permissions 0755 for '/etc/ssh/ssh_host_dsa_key' are too open.
>>> It is recommended that your private key files are NOT accessible by
>>> others.
>>> This private key will be ignored.
>>> bad permissions :ignore key: /etc/ssh/ssh_host_dsa_key
>>> Could not load host key : /etc/ssh/ssh_host_dsa_key
>>> Disabling protocol version 2. Could not load host key
>>> sshd: no  hostkeys available --exiting
>>>
>>>
>>>
>>> Please immediately let me know, what to fix in order to restart the
>>> service sshd.
>>>
>> Permissions should be 700.
>>
>>
>>
>>
>>
>
>
> -- 
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer                      ricks at nerd.com -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> -     Never put off 'til tomorrow what you can forget altogether!    -
> ----------------------------------------------------------------------
>
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: 
> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines 
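
An added example, not part of any poster's message: a POSIX shell function that audits a directory such as /etc/ssh or ~/.ssh against the layout described in this thread (directory not writable by group or others, private files -rw-------, ssh_config and *.pub files -rw-r--r--). The function names `check` and `audit_ssh_dir` are made up for this example, and it assumes GNU `stat`, as shipped on Fedora.

```shell
#!/bin/sh
# Added example (not from the thread): report files whose modes differ from
# the layout described above. Assumes GNU stat ("stat -c"), as on Fedora.

# check PATH MASK LABEL: print a finding if any permission bit in the octal
# MASK is set on PATH; return 1 in that case, 0 otherwise.
check() {
    mode=$(stat -L -c '%a' "$1") || return 1
    if [ $(( 0$mode & $2 )) -ne 0 ]; then
        printf '%s mode %s: %s\n' "$1" "$mode" "$3"
        return 1
    fi
    return 0
}

# audit_ssh_dir DIR: audit DIR (e.g. /etc/ssh or ~/.ssh). Prints one line per
# finding; exit status is 0 when clean, 1 when anything was reported.
# The body runs in a subshell so its variables do not leak to the caller.
audit_ssh_dir() (
    status=0
    # The directory itself must not be writable by group or others.
    check "$1" 022 "directory writable by group or others" || status=1
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            *.pub|ssh_config)
                # Public material: world-readable is fine, but no group/other
                # write bit and no execute bit (target -rw-r--r--).
                check "$f" 0133 "public file writable by others or executable" || status=1 ;;
            *)
                # Everything else is treated as private: owner read/write
                # only (target -rw-------). sshd ignores host keys otherwise.
                check "$f" 0177 "private file accessible beyond owner or executable" || status=1 ;;
        esac
    done
    exit "$status"
)
```

Run it as `audit_ssh_dir /etc/ssh` (as root) or `audit_ssh_dir ~/.ssh`; it only reports and never changes a mode.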



