Mode of ~/.ssh (Darwin bug #2575103)

Wilfredo Sanchez wsanchez at apple.com
Thu Dec 7 11:20:18 EST 2000


  OpenSSH's ssh-keygen sets the mode of ~/.ssh to 700, unlike "Classic"
ssh, which set it to 755.  I've noticed a couple of problems:

  If your home directory is on an NFS server which maps user root from
clients to nobody (typical "safe" setup), sshd, which runs as root, will
find itself without the ability to read that user's .ssh/authorized_keys
file.  This can be worked around by running as that user via setuid while
checking the file, but that won't work on kerberized NFS or other network
volumes which require a security token of some sort instead of blindly
trusting the client machine to authenticate users.  This is a drag.

  Also, since your public key lives in ~/.ssh, it seems unfortunate that
other users can no longer get to it.  Minor drag.

  I'm wondering why it was deemed necessary to be fascist with the
directory rather than selectively fascist about the files in it.

	-Fred

Wilfredo Sánchez, wsanchez at apple.com
Open Source Engineering Lead
Apple Computer, Inc., Core Operating System Group
1 Infinite Loop, Cupertino, CA 94086, 408.974-5174
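
Added example, not part of the original message and not OpenSSH code: a per-file permission audit of the kind the message asks about, which accepts a 755 ~/.ssh while staying strict about the files inside it. The policy, the function names and the header sniffing are assumptions made for illustration.

```python
import os
import stat

GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH   # 0o022
GROUP_OTHER_ANY = stat.S_IRWXG | stat.S_IRWXO     # 0o077


def is_private_key(path):
    """Sniff the header: PEM and SSH1 private key files contain 'PRIVATE KEY'."""
    try:
        with open(path, "rb") as fh:
            return b"PRIVATE KEY" in fh.read(64)
    except OSError:
        return True  # unreadable to the auditor: treat as secret, apply strict rule


def audit_ssh_dir(ssh_dir):
    """Return (path, mode, problem) tuples under an assumed per-file policy:
    - the directory may be world-readable (755) but not group/other-writable
    - private keys must carry no group/other permission bits at all
    - public files (authorized_keys, *.pub) must not be group/other-writable
    """
    findings = []
    dir_mode = stat.S_IMODE(os.lstat(ssh_dir).st_mode)
    if dir_mode & GROUP_OTHER_WRITE:
        findings.append((ssh_dir, oct(dir_mode), "directory writable by group/other"))
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        st = os.lstat(path)  # lstat: do not follow symlinks out of the directory
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, oct(mode), "not a regular file"))
        elif is_private_key(path):
            if mode & GROUP_OTHER_ANY:
                findings.append((path, oct(mode), "private key accessible to group/other"))
        elif mode & GROUP_OTHER_WRITE:
            findings.append((path, oct(mode), "public file writable by group/other"))
    return findings


if __name__ == "__main__":
    target = os.path.expanduser("~/.ssh")
    if os.path.isdir(target):
        for finding in audit_ssh_dir(target):
            print(*finding)
```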