From 520e61552a67c95dcf9b423241a0e4454ae911ef Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 10 Feb 2008 22:46:22 +1100 Subject: [PATCH] - mcbride@cvs.openbsd.org 2008/02/09 12:15:43 [ssh.1 sshd.8] Document the correct permissions for the ~/.ssh/ directory. ok jmc --- ChangeLog | 6 +++++- ssh.1 | 11 +++++++++-- sshd.8 | 11 +++++++++-- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0324cbbbd..c941fb892 100644 --- a/ChangeLog +++ b/ChangeLog @@ -71,6 +71,10 @@ - markus@cvs.openbsd.org 2008/02/04 21:53:00 [session.c sftp-server.c sftp.h] link sftp-server into sshd; feedback and ok djm@ + - mcbride@cvs.openbsd.org 2008/02/09 12:15:43 + [ssh.1 sshd.8] + Document the correct permissions for the ~/.ssh/ directory. + ok jmc 20080119 - (djm) Silence noice from expr in ssh-copy-id; patch from @@ -3599,4 +3603,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4834 2008/02/10 11:29:40 djm Exp $ +$Id: ChangeLog,v 1.4835 2008/02/10 11:46:22 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 81d404702..35e29cc0c 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.271 2008/01/19 19:13:28 djm Exp $ -.Dd $Mdocdate: January 19 2008 $ +.\" $OpenBSD: ssh.1,v 1.272 2008/02/09 12:15:43 mcbride Exp $ +.Dd $Mdocdate: February 9 2008 $ .Dt SSH 1 .Os .Sh NAME 
@@ -1245,6 +1245,13 @@ This file is used in exactly the same way as but allows host-based authentication without permitting login with rlogin/rsh. .Pp +.It ~/.ssh/ +This directory is the default location for all user-specific configuration +and authentication information. +There is no general requirement to keep the entire contents of this directory +secret, but the recommended permissions are read/write/execute for the user, +and not accessible by others. +.Pp .It ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the diff --git a/sshd.8 b/sshd.8 index 66dc7c0eb..eff66eb0c 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.237 2007/06/07 19:37:34 pvalchev Exp $ -.Dd $Mdocdate: June 11 2007 $ +.\" $OpenBSD: sshd.8,v 1.238 2008/02/09 12:15:43 mcbride Exp $ +.Dd $Mdocdate: February 9 2008 $ .Dt SSHD 8 .Os .Sh NAME @@ -682,6 +682,13 @@ This file is used in exactly the same way as but allows host-based authentication without permitting login with rlogin/rsh. .Pp +.It ~/.ssh/ +This directory is the default location for all user-specific configuration +and authentication information. +There is no general requirement to keep the entire contents of this directory +secret, but the recommended permissions are read/write/execute for the user, +and not accessible by others. +.Pp .It ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described above.
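Review bot: "not accessible by others" in the new ~/.ssh/ entry of ssh.1 (hunk at -1245) is ambiguous. It can be read as only the "other" permission class, which would leave group access unspecified. If the intent is that neither group nor world has any access, say "not accessible by group or others", or give the mode explicitly. The same sentence says there is "no general requirement to keep the entire contents of this directory secret" without indicating which contents do need protecting. A pointer to the per-file entries that follow (starting with ~/.ssh/authorized_keys) would close that gap.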
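Review bot: in the sshd.8 hunk at -682, "the recommended permissions" does not tell the reader of the server manual whether the daemon checks the mode of ~/.ssh/ or only advises it. If sshd refuses authentication when the directory is writable by someone other than the user, state that here. If it does not, say that the recommendation is advisory. The paragraph is also a verbatim copy of the one added to ssh.1, so any wording fix needs to land in both files.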