mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-24 10:52:05 +00:00
- dtucker@cvs.openbsd.org 2006/08/21 08:15:57
[sshd.8] Add more detail about what permissions are and aren't accepted for authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
This commit is contained in:
parent
b594f38bae
commit
5d43d49014
@ -4,6 +4,10 @@
|
||||
[sshd_config.5]
|
||||
Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
|
||||
ok jmc@ djm@
|
||||
- dtucker@cvs.openbsd.org 2006/08/21 08:15:57
|
||||
[sshd.8]
|
||||
Add more detail about what permissions are and aren't accepted for
|
||||
authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
|
||||
|
||||
20060824
|
||||
- (dtucker) [openbsd-compat/basename.c] Include errno.h.
|
||||
@ -5306,4 +5310,4 @@
|
||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4511 2006/08/30 01:06:34 djm Exp $
|
||||
$Id: ChangeLog,v 1.4512 2006/08/30 01:07:00 djm Exp $
|
||||
|
18
sshd.8
18
sshd.8
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $
|
||||
.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
@ -681,9 +681,23 @@ rlogin/rsh.
|
||||
.It ~/.ssh/authorized_keys
|
||||
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
|
||||
The format of this file is described above.
|
||||
This file is not highly sensitive, but the recommended
|
||||
The content of the file is not highly sensitive, but the recommended
|
||||
permissions are read/write for the user, and not accessible by others.
|
||||
.Pp
|
||||
If this file, the
|
||||
.Pa ~/.ssh
|
||||
directory, or the user's home directory are writable
|
||||
by other users, then the file could be modified or replaced by unauthorized
|
||||
users.
|
||||
In this case,
|
||||
.Nm
|
||||
will not allow it to be used unless the
|
||||
.Cm StrictModes
|
||||
option has been set to
|
||||
.Dq no .
|
||||
The recommended permissions can be set by executing
|
||||
.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys .
|
||||
.Pp
|
||||
.It ~/.ssh/environment
|
||||
This file is read into the environment at login (if it exists).
|
||||
It can only contain empty lines, comment lines (that start with
|
||||
|
Loading…
Reference in New Issue
Block a user