[PATCH] ssh-copy-id should do chmod go-w

Ladner, Eric (CLAD) CLAD at chevron.com
Thu Oct 4 05:08:19 EST 2001


Ah.. maybe I'm not as paranoid as I should be.

Thanks for the info.

Eric

-----Original Message-----
From: mouring at etoh.eviladmin.org [mailto:mouring at etoh.eviladmin.org]
Sent: Wednesday, October 03, 2001 1:58 PM
To: openssh-unix-dev at mindrot.org
Subject: RE: [PATCH] ssh-copy-id should do chmod go-w




$ ls -l .ssh/authorized_keys2
-rw-------  1 mouring  users  237 Sep  4 17:43 .ssh/authorized_keys2

It does? =) Could have fooled my UNIX boxes.  <smile>

- Ben

On Wed, 3 Oct 2001, Ladner, Eric (CLAD) wrote:

> Doesn't the authorized_keys have to be world readable?
>
> Just checking..
>
> Eric
>
> -----Original Message-----
> From: mouring at etoh.eviladmin.org [mailto:mouring at etoh.eviladmin.org]
> Sent: Wednesday, October 03, 2001 1:36 PM
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: [PATCH] ssh-copy-id should do chmod go-w
>
>
>
>
> On Wed, 3 Oct 2001, Peter W wrote:
>
> > > chmod 700 .ssh; chmod 600 .ssh/authorized_keys
> > >
> > > makes more sense.  Changing ~/ permissions is a local policy issue, and I
> > > know I get peeved when something changes my policy without asking.
> >
> > What about simply setting the umask to 077 before doing anything? If the
> > user has existing files/dirs, they won't be changed, but any new stuff would
> > be safely created.
> >
>
> Best idea I've seen so far.
>
> If no one screams... this is what the new line will look like:
>
> { eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys"
>
> - Ben
>
>
>
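
Added example, not part of the original thread or of ssh-copy-id: the remote command proposed above, replayed in a scratch directory that stands in for the remote home (no ssh involved; the key string and function names are constructed). It shows that `umask 077` gives private modes to a newly created `.ssh` and `authorized_keys` but leaves the modes of existing ones unchanged.

```shell
#!/bin/sh
# Added example: replays the remote half of the proposed ssh-copy-id line
# inside a scratch directory standing in for the remote $HOME (no ssh used).

# Print the 10-character type+permission string of a path, e.g. drwx------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# The remote command string from the thread, run with "$1" as the home
# directory and the public key on stdin. The subshell keeps umask local.
remote_append() {
    ( cd "$1" || exit 1
      umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys )
}

# Case 1: fresh account, nothing exists yet: both objects are created private.
fresh_case() {
    home=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAconstructed-key user@example" | remote_append "$home"
    echo "$(mode_of "$home/.ssh") $(mode_of "$home/.ssh/authorized_keys")"
    rm -rf "$home"
}

# Case 2: .ssh and authorized_keys already exist with loose modes.
# umask only affects creation, so their modes stay as they were;
# tightening them would take an explicit chmod.
existing_case() {
    home=$(mktemp -d) || return 1
    mkdir "$home/.ssh"
    : > "$home/.ssh/authorized_keys"
    chmod 755 "$home/.ssh"
    chmod 644 "$home/.ssh/authorized_keys"
    echo "ssh-rsa AAAAconstructed-key user@example" | remote_append "$home"
    echo "$(mode_of "$home/.ssh") $(mode_of "$home/.ssh/authorized_keys")"
    rm -rf "$home"
}

fresh_case      # drwx------ -rw-------
existing_case   # drwxr-xr-x -rw-r--r--
```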




