[Bug 2050] Support XDG basedir specification

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Dec 15 00:54:57 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=2050

--- Comment #18 from Drew DeVault <sir at cmpwn.com> ---
(In reply to Dmitry V. Levin from comment #17)
> The risk is that sensitive data would be accessed from a less secure
> location than ~/.ssh/.  I saw setups where ~/ and ~/.ssh/
> directories were out of user control, these setups would break.
> 
> You're talking about defaults, they shouldn't change this way.

But how does that happen? This is entirely hypothetical. No one is
asking ssh-keygen to stop setting keys to 600. If you saw setups where
~/.ssh is "out of user control", causing things to break, what makes
that any different from if ~/.config/ssh/ is "out of user control"?

If you really, desperately don't want to change the defaults (something
which has led to actual security problems in SSH, by the way, like
generating less-secure RSA keys by default), then alternatives like
SSH_XDG_* have been proposed as an incremental stepping stone.

If you have arguments to make, *make* them, rather than just alluding
to their approximate shape and making vague generalizations.
