please remove permission check that disallows private-group access.

Peter Moody mindrot at hda3.com
Tue Oct 23 08:39:14 AEDT 2018


the determined sysadmin can just copy the keys where they want them to
be and run chmod. problem solved. no need for a new client side config
option, which carries a non-zero cost of ongoing maintenance.

Cheers,
peter

On Mon, Oct 22, 2018 at 2:20 PM Charlie Smurthwaite <charlie at atech.media> wrote:
>
> I'm new here, but I feel like chiming in, I hope my opinions are
> welcome. At first glance at this thread it seems unnecessary to argue
> about the necessity of these checks when when the option exists to give
> users the choice.
>
> Adding configuration option(s) for users who wish to bypass these checks
> could allow experienced users to do what they need to, and less
> experienced users could still benefit form the protection by default.
>
> Generally, giving users the choice should not be controversial, but I
> will note that there is the mild fear of a user googling the error and
> finding misguided advice to simply disable the check.
>
> Charlie
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list