please remove permission check that disallows private-group access.

Wolfgang S. Rupprecht wolfgang.rupprecht at gmail.com
Tue Oct 23 07:58:00 AEDT 2018


Damien Miller <djm at mindrot.org> writes:
> We don't plan to remove this check. Accidental key exposure is still an
> unfortunately common problem and, while this check isn't perfect, I'm
> pretty sure that it avoids enough real-world misconfiguration to
> justify it's continued existence.

Maybe the check could have a configuration option to disable it?  That
ways newbies would still be protected but folks that need to use the
group permissions to sort out NFS / UID issues could still use ssh
without going to great lengths to circumvent the check?

-wolfgang



More information about the openssh-unix-dev mailing list