Tectia

File Locations and Permissions on Unix

On Unix platforms, the Tectia Server files are located in the following directories and require the file permissions stated for each:

  • /etc/ssh2

    Writable to root (must). Readable to world. The /etc/ssh2 directory is created with the correct permissions during installation.

    • /etc/ssh2/ssh-server-config.xml: the server configuration file (see ssh-server-config(5))

      Writable to root (must). Readable to world. The permissions can be overridden with environment variables SSH_SECSH_NO_OWNERSHIP_CHECKS and SSH_SECSH_DISABLE_OWNERSHIP_CHECKS.

    • /etc/ssh2/ssh-server-config-default.xml: a sample file that shows the hardcoded system defaults of the server configuration

    • /etc/ssh2/ssh-server-config-example.xml: a sample file with useful examples for the server configuration

    • /opt/tectia/share/auxdata/ssh-server-ng: the server configuration file DTD directory

    • /etc/ssh2/hostkey: the default server host private key file

      Writable to root (must). Readable to root (must). The permissions can be overridden with environment variables SSH_SECSH_NO_OWNERSHIP_CHECKS and SSH_SECSH_DISABLE_OWNERSHIP_CHECKS.

    • /etc/ssh2/hostkey.pub: the default server host public key file

      Writable to root (should). Readable to world.

    • /etc/ssh2/random_seed: the seed file for the random number generator

      Writable to root (must). Readable to root (must). Set the permissions to readable and writable by root at each update.

    • /etc/ssh2/licenses: the license file directory (see Licensing)

    • /etc/ssh2/trusted_hosts: the directory for host public keys that are trusted for host-based authentication (see Host-Based User Authentication)

      Writable to root (must). Readable to root (should).

  • /opt/tectia/sbin: the system binaries such as ssh-server-g3

  • /opt/tectia/bin: the user binaries such as ssh-keygen-g3

  • /opt/tectia/man: Tectia Server man pages

  • /opt/tectia/libexec: library binaries

  • /opt/tectia/lib/sshsecsh: library binaries
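The requirements listed above for the /etc/ssh2 entries can be checked mechanically. The following script is an added example, not part of the Tectia documentation or product. It assumes that "writable to root" means owned by root with no group or world write bits, that "readable to root" means no group or world read bits, and that a "must" deviation is an error while a "should" deviation is a warning; the `prefix` and `owner_uid` parameters are hypothetical and exist so that a mounted image or test tree can be audited.

```python
import os
import stat

# Policy transcribed from the list above: path -> (write rule, read rule).
# "must"/"should" restrict that access to root; "world" permits world read.
POLICY = {
    "/etc/ssh2": ("must", "world"),
    "/etc/ssh2/ssh-server-config.xml": ("must", "world"),
    "/etc/ssh2/hostkey": ("must", "must"),
    "/etc/ssh2/hostkey.pub": ("should", "world"),
    "/etc/ssh2/random_seed": ("must", "must"),
    "/etc/ssh2/trusted_hosts": ("must", "should"),
}
SEVERITY = {"must": "ERROR", "should": "WARN"}  # assumed mapping


def audit(prefix="", owner_uid=0, policy=POLICY):
    """Return (severity, path, problem) tuples for every deviation found."""
    findings = []
    for path, (write_rule, read_rule) in policy.items():
        try:
            st = os.stat(prefix + path)
        except FileNotFoundError:
            findings.append(("WARN", path, "missing"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Ownership matters as much as mode bits: the owner can always chmod.
        if st.st_uid != owner_uid:
            findings.append((SEVERITY[write_rule], path,
                             f"owner uid {st.st_uid}"))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((SEVERITY[write_rule], path,
                             f"group/world writable ({mode:04o})"))
        if read_rule != "world" and mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((SEVERITY[read_rule], path,
                             f"group/world readable ({mode:04o})"))
    return findings


if __name__ == "__main__":
    for severity, path, problem in audit():
        print(f"{severity:5} {path}: {problem}")
```

The script does not look at SSH_SECSH_NO_OWNERSHIP_CHECKS or SSH_SECSH_DISABLE_OWNERSHIP_CHECKS; it reports the on-disk state regardless of whether the server's own checks are overridden.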

The user-specific configurations are stored in each user's $HOME/.ssh2 directory.

Writable to user (must). Readable to user (should). The permission checking can be changed with the configuration setting <auth-file-modes mask-bits="XXX"/>.

In the $HOME/.ssh2 directory:

  • $HOME/.ssh2/authorized_keys: the default directory for user public keys that are authorized for login

  • $HOME/.ssh2/authorization: (optional) the default authorization file for user public keys