~/.ssh/config permissions

Damien Miller djm at mindrot.org
Thu Nov 19 13:50:01 AEDT 2015


As far as I'm aware, none of the developers have anything to do with
the wiki page. The man pages should describe the correct behaviour
and the source should implement it :)

On Wed, 18 Nov 2015, Alon Bar-Lev wrote:

> On 15 November 2015 at 09:55, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> >
> > Hi,
> >
> > Working with apache-sshd I found that it forces ~/.ssh/config to be
> > owned by user without group/others permissions. It failed for me
> > within my valid openssh environment.
> >
> > Within sources (readconf.c::read_config_file), I found that openssh
> > only enforces ownership by user and not group/others write.
> >
> > When I opened an issue, I was referred to this[1] wiki page (not sure
> > who maintains it) claiming that:
> > """
> > This file must not be accessible to other users in any way. Set strict
> > permissions: read/write for the user, and not accessible by others. It
> > may be group-writable if and only if that user is the only member of the
> > group in question.
> > """
> >
> > Personally, I prefer the sources as a reference, but as this wiki page
> > is a source of information for some, and I find no reason why this file
> > is sensitive for read.
> >
> > I would like to know what is the expected behaviour.
> 
> Hi!
> Does anyone know what the expected behaviour is?
> Thanks!
> 
> >
> > Regards,
> > Alon Bar-Lev.
> >
> > [1] https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#.7E.2F.ssh.2Fconfig
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
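An added example, not part of the thread and not code from OpenSSH or apache-sshd: the two policies discussed above, applied to the same file modes so the difference (a group/other-readable config such as 0644) is visible. Function names and the scratch path are hypothetical, and the masks are written from the thread's description: both require ownership by the user, one rejects only group/other write, the other rejects any group/other permission.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy the thread attributes to readconf.c: owner must be the user and
 * neither group nor others may write. Read access by others is accepted. */
int ok_no_write_policy(const struct stat *sb, uid_t uid)
{
    return sb->st_uid == uid && (sb->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Stricter policy the thread attributes to apache-sshd and the wiki text:
 * owner must be the user and no group/other permission bit may be set. */
int ok_no_access_policy(const struct stat *sb, uid_t uid)
{
    return sb->st_uid == uid && (sb->st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Create a scratch file (constructed sample, hypothetical path) with the
 * given mode and evaluate both policies against its real stat data.
 * Returns bit 0 = no-write policy passes, bit 1 = no-access policy passes,
 * or -1 on error. */
int check_mode(mode_t mode)
{
    char path[] = "/tmp/sshcfg-demo-XXXXXX";
    struct stat sb;
    int r = -1;
    int fd = mkstemp(path);

    if (fd == -1)
        return -1;
    if (fchmod(fd, mode) == 0 && fstat(fd, &sb) == 0)
        r = ok_no_write_policy(&sb, geteuid()) |
            (ok_no_access_policy(&sb, geteuid()) << 1);
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    const mode_t modes[] = { 0600, 0640, 0644, 0664, 0666 };

    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++) {
        int r = check_mode(modes[i]);
        printf("%04o  no-write check: %s  no-access check: %s\n",
               (unsigned)modes[i], (r > 0 && (r & 1)) ? "accept" : "reject",
               (r > 0 && (r & 2)) ? "accept" : "reject");
    }
    return 0;
}
```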

