www文件夹中的.ssh / authorized_keys文件
[英].ssh/authorized_keys file inside www folder
问题描述
I created a user to login via SSH without a password, whose user's directory is the /var/www/html folder so i have the ssh/authorized_keys in the same folder. 
我创建了一个无需密码即可通过SSH登录的用户,该用户的目录为/ var / www / html文件夹,因此我在同一文件夹中包含ssh / authorized_keys。 Is that a security problem? 那是安全问题吗?
1 个解决方案
解决方案1
1 已采纳 2013-07-30 00:40:24
It's not really a security concern, as a public half of a key pair is just that. 这并不是真正的安全问题,因为密钥对的公共部分就足够了。 You can limit some of the security paranoia if you so wish (and if your web server is apache) with a Directory setting. 如果愿意(如果您的Web服务器是apache),可以使用Directory设置来限制某些安全妄想。 To block access to the sshd directory add (either in your apache config file, or in a .htaccess file): 要阻止对sshd目录的访问,请添加(在您的apache配置文件或.htaccess文件中):
<Directory /var/www/html/.ssh>
Order Deny,Allow
Deny from All
</Directory>
Although your passphrase is empty, you still require your private key to gain access (it is that half of the key pair you have to keep secure and away from public access). 尽管您的密码短语为空,但您仍然需要私钥才能访问(这是您必须保护一半的密钥对并使其远离公共访问权限)。 Again if you still feel like donning a tin foil hat, editing your authorized_keys and locking the key down to an IP (if the places you connect from are from static IPs): 同样,如果您仍然想戴一顶锡纸帽子,请编辑您的authorized_keys并将该密钥锁定为一个IP(如果您连接的位置来自静态IP):
from="myhost.ip.address" ssh-rsa AAA....{etc}
may also help you sleep better of a night time :) 也许也可以帮助您睡个好觉:)
Or you may want to take some bedtime reading on wikipedia of the ins-and-outs of public-key encryption: 或者,您可能想在就寝时间阅读Wikipedia上有关公开密钥加密的内容:
http://en.wikipedia.org/wiki/Public-key_cryptography
and that may get you off to sleep quicker! 这样可以让您更快入睡!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.