[Bug 3146] New: ssh-keygen -R changes permissions on existing file

bugzilla-daemon at mindrot.org
Thu Apr 9 12:21:20 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3146

            Bug ID: 3146
           Summary: ssh-keygen -R changes permissions on existing file
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ed at edgewood.to

Using ssh-keygen -R to remove a key from a file with group/other read
permission changes the permissions to remove any group and other bits. 
This is good for ~/.ssh/known_hosts, which should be 600, but bad for
/etc/ssh/ssh_known_hosts, which should be 644.

Inspecting the source, the function that removes a key sets umask 077
before creating the new file for the existing lines (except the one to
be removed), but doesn't copy the permissions.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
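
The pattern described in this report, as an added C example that is not OpenSSH source and not part of the original message: a file is rewritten through a temporary file created under umask 077, so the result is mode 600 unless the original mode is copied across. The names remove_host and file_mode, the simplified "hostname then space" line match, and the choice to copy at most the 0644 bits are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
/* Hypothetical helper, not OpenSSH code: rewrite `path` without the lines for
 * `host` via temp file + rename. keep_mode == 0 reproduces the reported loss. */
int remove_host(const char *path, const char *host, int keep_mode)
{
    char tmp[4096], line[8192];
    struct stat sb;
    FILE *in, *out;
    size_t n = strlen(host);
    mode_t old_umask;
    int fd;
    if (stat(path, &sb) == -1 || (in = fopen(path, "r")) == NULL)
        return -1;
    snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path);
    old_umask = umask(077);              /* restrictive umask, as in the report */
    fd = mkstemp(tmp);                   /* new file is created mode 0600 */
    umask(old_umask);
    if (fd == -1 || (out = fdopen(fd, "w")) == NULL) {
        if (fd != -1) { close(fd); unlink(tmp); }
        fclose(in);
        return -1;
    }
    while (fgets(line, sizeof(line), in) != NULL)
        if (strncmp(line, host, n) != 0 || line[n] != ' ')
            fputs(line, out);            /* keep every line except the host's */
    fclose(in);
    /* Copy the original's permission bits, capped at 0644 (example's choice). */
    if (keep_mode && fchmod(fd, sb.st_mode & 0644) == -1) {
        fclose(out); unlink(tmp);
        return -1;
    }
    if (fclose(out) != 0 || rename(tmp, path) == -1) {
        unlink(tmp);
        return -1;
    }
    return 0;
}
int file_mode(const char *path)          /* permission bits, or -1 on error */
{
    struct stat sb;
    return stat(path, &sb) == -1 ? -1 : (int)(sb.st_mode & 0777);
}
```

Because the mode is taken from the original file, a 600 ~/.ssh/known_hosts stays 600 and a 644 /etc/ssh/ssh_known_hosts stays 644.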

