Quote:
Originally Posted by
mohtashims
I tried 775 and it still have the same error.
Precisely because of that.
Quote:
Originally Posted by
mohtashims
Do you still want me to give permission 600 ?
In fact, you can do whatever you want, but the error won't go away otherwise.
Quote:
Originally Posted by
mohtashims
If yes, why? Can you make me understand why 600 and not 775 would help?
As you have been told: because the man page says so. But there is a deeper reason: ssh (and the underlying OpenSSL library) are built by people trying to achieve a certain goal and this goal is: security. If you do something which would compromise this goal ssh/OpenSSL will try to stop you from doing that - in this case by issuing an error.
If you make the directory where (supposedly) your private keys are stored readable and searchable for a whole group ("775" means everybody can read there and members of your group can even write there) who, do you think, will stop members of your group to just change your private keys to some arbitrary value if they feel like it. (If you think "trust" is a good concept in IT security: just connect your main server to the internet and post the root password to Facebook - we'll see what happens and how fast.)
I have said it already and i wll say it again: the UNIX way in general is not turning off what is an absolute obstacle but turning on only what one really needs.
If you need only filemode 600 why whould you even want to set 775 in first place, even if it would work? Apart from your unwillingness to consult man pages, reluctance to come to an understanding of concepts and resistance to take advice by heart - you seriously need to work on your "work ethics" too: more doesn't always help more (in fact sometimes it helps less) and for the same reason filemode 777 is not the fix for everything.
I hope this helps.
bakunin