[PATCH] ssh-copy-id should do chmod go-w

Ladner, Eric (CLAD) CLAD at chevron.com
Thu Oct 4 04:50:29 EST 2001

Doesn't the authorized_keys have to be world readable?

Just checking..


-----Original Message-----
From: mouring at etoh.eviladmin.org [mailto:mouring at etoh.eviladmin.org]
Sent: Wednesday, October 03, 2001 1:36 PM
Cc: openssh-unix-dev at mindrot.org
Subject: Re: [PATCH] ssh-copy-id should do chmod go-w

On Wed, 3 Oct 2001, Peter W wrote:

> > chmod 700 .ssh; chmod 600 .ssh/authorized_keys
> >
> > makes more sense.  Changing ~/ permissions is a local policy issue, and
> > know I get peaved when something changes my policy without asking.
> What about simply setting the umask to 077 before doing anything? If the
> user has existing files/dirs, they won't be changed, but any new stuff
> be safely created.

Best idea I've seen so far.

If no one scream...this is what the new line will look like:

{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat
>> .ssh/authorized_keys"

- Ben

More information about the openssh-unix-dev mailing list