Re: ~/.ssh/config permissions

As far as I'm aware, none of the developers have anything to do with
the wiki page. The man pages should describe the correct behaviour
and the source should implement it :)

On Wed, 18 Nov 2015, Alon Bar-Lev wrote:

> On 15 November 2015 at 09:55, Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote:
> >
> > Hi,
> >
> > Working with apache-sshd I found that it forces ~/.ssh/config to be
> > owned by user without group/others permissions. It failed for me
> > within my valid openssh environment.
> >
> > Within sources (readconf.c::read_config_file), I found that openssh
> > only enforces ownership by user and not group/others write.
> >
> > When I opened an issue, I was referred to this[1] wiki page (not sure
> > who maintains it) claiming that:
> > """
> > This file must not be accessible to other users in any way. Set strict
> > permissions: read/write for the user, and not accessible by others. It
> > may group-writable if and only if that user is the only member of the
> > group in question.
> > """
> >
> > Personally, I prefer the sources as a reference, but this wiki page
> > is a source of information for some, and I find no reason why this file
> > is sensitive for read.
> >
> > I would like to know what is the expected behaviour.
> 
> Hi!
> Does anyone know what the expected behaviour is?
> Thanks!
> 
> >
> > Regards,
> > Alon Bar-Lev.
> >
> > [1] https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#.7E.2F.ssh.2Fconfig
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
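
The three policies discussed in this thread, side by side, as an added example (not part of the original messages, and not code from OpenSSH or apache-sshd). The function names and the `sole_member` parameter are hypothetical; the checks are modelled on the behaviour as the thread describes it, and a mode of 0644 is the case where the implementations disagree.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Check as the thread describes it for OpenSSH's read_config_file():
 * owned by the invoking user, not writable by group or others. */
int ok_no_foreign_write(uid_t owner, mode_t mode, uid_t me)
{
    return owner == me && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Check as the thread describes it for apache-sshd:
 * owned by the user, no group/other permission bits at all. */
int ok_private(uid_t owner, mode_t mode, uid_t me)
{
    return owner == me && (mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Wiki wording: private, except that group bits are tolerated when the
 * user is the only member of the file's group. sole_member is supplied
 * by the caller (hypothetical parameter; no group lookup is done here). */
int ok_wiki(uid_t owner, mode_t mode, uid_t me, int sole_member)
{
    if (owner != me || (mode & S_IRWXO) != 0)
        return 0;
    return sole_member || (mode & S_IRWXG) == 0;
}

/* Stat a real file: -1 on error, otherwise bit 0 is set when the
 * no-foreign-write check passes and bit 1 when the private check passes. */
int check_path(const char *path)
{
    struct stat sb;
    if (stat(path, &sb) == -1)
        return -1;
    return ok_no_foreign_write(sb.st_uid, sb.st_mode, getuid())
         | (ok_private(sb.st_uid, sb.st_mode, getuid()) << 1);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    int r = check_path(argv[1]);
    if (r < 0) { perror(argv[1]); return 1; }
    printf("no-foreign-write: %s, private: %s\n",
           (r & 1) ? "ok" : "reject", (r & 2) ? "ok" : "reject");
    return 0;
}
```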