--PNTmBPCT7hxwcZjr
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline

On Mon, Mar 28, 2005 at 03:17:02PM +0100, Miguel Saturnino wrote:
> What are the drawbacks of making sshd_config not world readable, like
> this:

[SNIP]
> In the man page says it is not necessary that the file be world readable
> but it is recommended... I don't want it to be world readable so that
> regular users don't know what Port and ListenAddress sshd is using.


If protecting this information is the only reason you want to make the
file inaccessible, it may be a waste of your time. For example, on
some systems, "netstat -pant" may show them which programs are
listening on what TCP ports. It won't work on recent Linux systems,
but it did work on certain versions of Linux, and may work on other
operating systems.

The users could also run nmap on the machine to scan every port,
which may reveal where ssh is running.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D


--PNTmBPCT7hxwcZjr
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCSDaudjdlQoHP510RAtuzAKCKcPRpi+yapvWMTnnQeN Mm6WyKwwCgo1bd
PNb6bSnS4j+nk64mSVrZANM=
=GA0k
-----END PGP SIGNATURE-----

--PNTmBPCT7hxwcZjr--