~/.ssh/config permissions

Alon Bar-Lev alon.barlev at gmail.com
Thu Nov 19 18:37:10 AEDT 2015


On 19 November 2015 at 04:50, Damien Miller <djm at mindrot.org> wrote:
> As far as I'm aware, none of the developers have anything to do with
> the wiki page. The man pages should describe the correct behaviour
> and the source should implement it :)

Thank you!

>
> On Wed, 18 Nov 2015, Alon Bar-Lev wrote:
>
>> On 15 November 2015 at 09:55, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > Working with apache-sshd I found that it forces ~/.ssh/config to be
>> > owned by user without group/others permissions. It failed for me
>> > within my valid openssh environment.
>> >
>> > Within sources (readconf.c::read_config_file), I found that openssh
>> > only enforces ownership by user and not group/others write.
>> >
>> > When I opened an issue, I was referred to this[1] wiki page (not sure
>> > who maintains it) claiming that:
>> > """
>> > This file must not be accessible to other users in any way. Set strict
>> > permissions: read/write for the user, and not accessible by others. It
>> > may group-writable if and only if that user is the only member of the
>> > group in question.
>> > """
>> >
>> > Personally, I prefer the sources as a reference, but as this wiki page
>> > is a source of information for some, and I find no reason why this file
>> > is sensitive for read.
>> >
>> > I would like to know what is the expected behaviour.
>>
>> Hi!
>> Does anyone know what the expected behaviour is?
>> Thanks!
>>
>> >
>> > Regards,
>> > Alon Bar-Lev.
>> >
>> > [1] https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#.7E.2F.ssh.2Fconfig
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>

