[Bug 1554] No feedback when configuration file permissions are set incorrectly.

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 13 16:07:00 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1554


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX
                 CC|                            |djm at mindrot.org




--- Comment #1 from Damien Miller <djm at mindrot.org>  2009-02-13 16:06:59 ---
Bad permissions are logged on the server. E.g.

Authentication refused: bad ownership or modes for file
/home/djm/.ssh/authorized_keys

We cannot relay this information to the client because it is, by
definition, not authenticated at the time it is attempting public key
authentication and is therefore untrustworthy. It would be
inappropriate to divulge the existence of an authorized_keys file, let
alone that it has unsafe permissions.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list