Skip to content

Instantly share code, notes, and snippets.

@crazyhottommy

crazyhottommy/ssh_777.md

Last active December 12, 2017 21:54
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save crazyhottommy/271166a3a168ef8f9c1b03b761786559 to your computer and use it in GitHub Desktop.
Save crazyhottommy/271166a3a168ef8f9c1b03b761786559 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssh_777.md

This is the default behavior for SSH. It protects user keys by enforcing rwx------ on $HOME/.ssh and ensuring only the owner has write permissions to $HOME. If a user other than the respective owner has write permission on the $HOME directory, they could maliciously modify the permissions on $HOME/.ssh, potentially hijacking the user keys, known_hosts, or something similar. In summary, the following permissions on $HOME will be sufficient for SSH to work.

  • rwx------
  • rwxr-x---
  • rwxr-xr-x

SSH will not work correctly and will send warnings to the log facilities if any variation of g+w or o+w exists on the $HOME directory. However, the administrator can override this behavior by defining StrictModes no in the sshd_config (or similar) configuration file, though it should be clear that this is not recommended.

Raw
sshfs_ubuntu_16.04.md
  1. Install sshfs
sudo apt-get install sshfs

## check if fuse group is present
cat /etc/group | grep fuse

## check allow_other cat /etc/fuse.conf

If fuse group is not present, which is in my case, I have to add it mannually

# add fuse group
sudo groupadd fuse

# add user to the fuse group
sudo gpasswd -a $USER fuse
  1. make a folder for mount point
sudo mkdir /mnt/shark
sudo chown mtang1 /mnt/shark
#
sshfs -o allow_other railab: /mnt/shark


ls /mnt/shark
# it requires sudo to write 

# unmount
fusermount -u /mnt/shark
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment