.ssh files

jw schultz jw at pegasys.ws
Mon Dec 23 01:34:01 EST 2002


On Sun, Dec 22, 2002 at 04:32:19PM -0400, Steve Mallett wrote:
> I burned an .iso cd of the home dir of a server, my .ssh files are 
> there, but if I restore from the cd using rsync -azurvp 
> /mnt/cdrom/.ssh/* ~/.ssh the permissions seem screwy.
> 
> I'm trying to use my id_dsa ssh key to login to other servers, but they 
> don't acknowledge the key because the "permission are incorrect".
> 
> Any Suggestions?  Did I screw up, by using mkisofs & cdrecord to burn 
> the cd?

For obvious security reasons the files in ~/.ssh must be
very precise, especially the identity files.  Having your
private keys publicly readable allows anyone to impersonate
you.  ssh correctly refuses to use these files if they are
insecure.  If they haven't already, they should be adding
checks for permissive ACLs to ssh.

The ISO9660 semantics don't support POSIX permissions.
Rock Ridge extensions _might_ add what you need but probably
not.  ISO9660 was meant to provide a least common denominator 
storage for removable media.

The first way I know of that you can be sure of preserving
this meta-data is to create an archive file (tar, cpio,
etc.) and burn that on the cdr(w) either in an isofs or
directly (read with: tar xf - </dev/cdrom).

The other way is to burn an image of a native filesystem.
This is what I do.  It is somewhat less portable since an
iso9660 can be mounted on almost any platform but it not
only preserves all the meta-data but it grants direct access
to the files.  The key here is to build the filesystem with
the necessary options for a device having a hardware sector
size of 2048 bytes.

-- 
________________________________________________________________
	J.W. Schultz            Pegasystems Technologies
	email address:		jw at pegasys.ws

		Remember Cernan and Schmitt
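
The tar route described in the message above, as an added example that is not part of the original post: it packs a constructed `.ssh` directory, restores it, and checks whether the key is still inaccessible to group and other. The helper names (`mode_of`, `is_private`, `roundtrip`) and the placeholder key file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Works only on constructed files in a temp dir, never on a real ~/.ssh.

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeeds when group and other have no access at all (mode ends in 00).
is_private() {
    case "$(mode_of "$1")" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Pack directory $1 into tar file $2, then unpack it under $3 keeping modes (-p).
# Use absolute paths for all three arguments.
roundtrip() {
    tar -cpf "$2" -C "$(dirname "$1")" "$(basename "$1")" &&
        mkdir -p "$3" &&
        tar -xpf "$2" -C "$3"
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/.ssh"
    echo 'constructed placeholder, not a real key' > "$work/.ssh/id_dsa"
    chmod 600 "$work/.ssh/id_dsa"

    # Path 1: the archive route from the message; modes come back intact.
    roundtrip "$work/.ssh" "$work/ssh.tar" "$work/from_tar" || return 1
    echo "from tar:    $(mode_of "$work/from_tar/.ssh/id_dsa")"

    # Path 2: constructed stand-in for a copy that lost its modes on the way.
    mkdir -p "$work/lossy/.ssh"
    cat "$work/.ssh/id_dsa" > "$work/lossy/.ssh/id_dsa"
    chmod 644 "$work/lossy/.ssh/id_dsa"
    for f in "$work/from_tar/.ssh/id_dsa" "$work/lossy/.ssh/id_dsa"; do
        if is_private "$f"; then echo "ok:    $f"; else echo "loose: $f"; fi
    done
    rm -rf "$work"
}

demo
```

A file reported as loose can be brought back in line with `chmod 600` on the key and `chmod 700` on the directory before ssh is asked to use it.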


