[scponly] protecting ~/.ssh
Dimitri Papadopoulos-Orfanos
papadopo at shfj.cea.fr
Fri Apr 8 06:06:44 EDT 2005
Hi,
I've read on the list's archive and elsewhere that users should be
prevented from modifying the contents of their ~/.ssh directory. See for
example:
https://lists.ccs.neu.edu/pipermail/scponly/2005-February/000711.html
While I understand why, I'm not sure how to enforce this. Apart from the
following filesystem-specific command, is there any other way?
chattr +i ~/.ssh
Note that having non-writable home directories does not look like a
solution, since a ~/.ssh subdirectory is already present and has to
belong to the user, with specific permissions.
Dimitri Papadopoulos
More information about the scponly
mailing list