UCSF-TI / TIPCC-Tools

Scripts for TIPCC (not really useful elsewhere)

ssh: Add validation of file permissions on ~/.ssh/ etc. #2

Closed HenrikBengtsson closed 9 years ago

HenrikBengtsson commented 9 years ago

The ~/.ssh/ directory must not be readable/accessible by "group" and "others". If it is, ssh will silently ignore ssh keys. This is a fairly common problem, especially among newcomers, but also among advanced users who just forget about this.

Check file permissions on:

HenrikBengtsson commented 9 years ago

Added

path=${HOME}/.ssh
if test -d "${path}"; then
  # Permission string of the directory itself, e.g. drwx------
  # (ls -ld avoids matching other entries in ${HOME} whose names contain .ssh)
  perms=$(ls -ld "${path}" | cut -c 1-10)
  # Characters 5-10 are the 'group' and 'other' permission bits
  permsGO=$(echo "${perms}" | cut -c 5-10)
  if test "${permsGO}" != "------"; then
    echo >&2 "WARNING: SSH is incorrectly configured. Your ${path}/ directory must not be accessible by 'group' or 'other' (${perms}). To fix this, do: chmod go-rwx ${path}/"
  fi

  # Same check for the authorized_keys file, if there is one
  path=${HOME}/.ssh/authorized_keys
  if test -f "${path}"; then
    perms=$(ls -l "${path}" | cut -c 1-10)
    permsGO=$(echo "${perms}" | cut -c 5-10)
    if test "${permsGO}" != "------"; then
      echo >&2 "WARNING: SSH is incorrectly configured. Your ${path} file must not be accessible by 'group' or 'other' (${perms}). To fix this, do: chmod go-rwx ${path}"
    fi
  fi
fi
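
An added example, not part of the comment above or of the TIPCC-Tools repository: the same group/other check done on the numeric mode bits from `stat` instead of parsing `ls` output, for any list of paths. The function names `mode_of` and `check_ssh_perms` are hypothetical, and the `stat` calls assume GNU coreutils with a BSD/macOS fallback.

```shell
#!/bin/sh
# Added example; mode_of and check_ssh_perms are hypothetical helper names.

# Print the octal permission bits of a path (e.g. 700), following symlinks.
# Tries GNU stat first, then falls back to BSD/macOS stat.
mode_of() {
  stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# Check every path given as an argument. For each one that grants any
# permission to 'group' or 'other' (mode & 077 != 0), print a warning on
# stderr and the path on stdout. Returns the number of offending paths.
check_ssh_perms() {
  bad=0
  for p in "$@"; do
    [ -e "$p" ] || continue            # nothing to check if it does not exist
    m=$(mode_of "$p") || continue      # skip if the mode cannot be read
    if [ $(( 0$m & 077 )) -ne 0 ]; then
      echo "WARNING: ${p} must not be accessible by 'group' or 'other' (mode ${m}). To fix this, do: chmod go-rwx ${p}" >&2
      echo "$p"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# The two paths checked in the comment above; '|| true' keeps a login
# script running when a warning has been printed.
check_ssh_perms "${HOME}/.ssh" "${HOME}/.ssh/authorized_keys" >/dev/null || true
```

Because the mode is read with `stat -L`, a `~/.ssh` that is a symlink is judged by the permissions of its target rather than by the link's own `lrwxrwxrwx`.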