[sshd.8]
     Add more detail about what permissions are and aren't accepted for
     authorized_keys files.  Corrections jmc@, ok djm@, "looks good" jmc@
This commit is contained in:
Damien Miller 2006-08-30 11:07:00 +10:00
parent b594f38bae
commit 5d43d49014
2 changed files with 21 additions and 3 deletions

View File

@ -4,6 +4,10 @@
[sshd_config.5]
Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
ok jmc@ djm@
- dtucker@cvs.openbsd.org 2006/08/21 08:15:57
[sshd.8]
Add more detail about what permissions are and aren't accepted for
authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
20060824
- (dtucker) [openbsd-compat/basename.c] Include errno.h.
@ -5306,4 +5310,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.4511 2006/08/30 01:06:34 djm Exp $
$Id: ChangeLog,v 1.4512 2006/08/30 01:07:00 djm Exp $

18
sshd.8
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $
.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@ -681,9 +681,23 @@ rlogin/rsh.
.It ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described above.
This file is not highly sensitive, but the recommended
The content of the file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
.Pp
If this file, the
.Pa ~/.ssh
directory, or the user's home directory are writable
by other users, then the file could be modified or replaced by unauthorized
users.
In this case,
.Nm
will not allow it to be used unless the
.Cm StrictModes
option has been set to
.Dq no .
The recommended permissions can be set by executing
.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys .
.Pp
.It ~/.ssh/environment
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with