[PATCH] ssh-copy-id should do chmod go-w
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Thu Oct 4 04:58:27 EST 2001
$ ls -l .ssh/authorized_keys2
-rw------- 1 mouring users 237 Sep 4 17:43 .ssh/authorized_keys2
It does? =) Could have fooled my UNIX boxes. <smile>
- Ben
On Wed, 3 Oct 2001, Ladner, Eric (CLAD) wrote:
> Doesn't the authorized_keys have to be world readable?
>
> Just checking..
>
> Eric
>
> -----Original Message-----
> From: mouring at etoh.eviladmin.org [mailto:mouring at etoh.eviladmin.org]
> Sent: Wednesday, October 03, 2001 1:36 PM
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: [PATCH] ssh-copy-id should do chmod go-w
>
>
>
>
> On Wed, 3 Oct 2001, Peter W wrote:
>
> > > chmod 700 .ssh; chmod 600 .ssh/authorized_keys
> > >
> > > makes more sense. Changing ~/ permissions is a local policy issue, and
> I
> > > know I get peaved when something changes my policy without asking.
> >
> > What about simply setting the umask to 077 before doing anything? If the
> > user has existing files/dirs, they won't be changed, but any new stuff
> would
> > be safely created.
> >
>
> Best idea I've seen so far.
>
> If no one scream...this is what the new line will look like:
>
> { eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat
> >> .ssh/authorized_keys"
>
> - Ben
>
>
>
More information about the openssh-unix-dev
mailing list