- djm@cvs.openbsd.org 2004/04/19 13:02:40

[ssh.1 ssh_config.5] document strict permission checks on ~/.ssh/config; prompted by, with & ok jmc@
2004-04-20 20:12:53 +10:00 · 2004-04-20 20:12:53 +10:00 · c970cb9052
parent 57a4476a69
commit c970cb9052
3 changed files with 11 additions and 6 deletions
--- a/6
+++ b/6
@ -9,6 +9,10 @@
     perform strict ownership and modes checks for ~/.ssh/config files, 
     as these can be used to execute arbitrary programs; ok markus@
     NB. ssh will now exit when it detects a config with poor permissions
+   - djm@cvs.openbsd.org 2004/04/19 13:02:40
+     [ssh.1 ssh_config.5]
+     document strict permission checks on ~/.ssh/config; prompted by, 
+     with & ok jmc@
 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change

 20040419
@ -1014,4 +1018,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.3324 2004/04/20 10:11:57 djm Exp $
+$Id: ChangeLog,v 1.3325 2004/04/20 10:12:53 djm Exp $
--- a/ssh.1
+++ b/ssh.1
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.183 2004/04/19 13:02:40 djm Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@ -885,6 +885,8 @@ the convenience of the user.
 This is the per-user configuration file.
 The file format and configuration options are described in
 .Xr ssh_config 5 .
+Because of the potential for abuse, this file must have strict permissions:
+read/write for the user, and not accessible by others.
 .It Pa $HOME/.ssh/authorized_keys
 Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described in the
--- a/ssh_config.5
+++ b/ssh_config.5
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.30 2004/04/19 13:02:40 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@ -729,9 +729,8 @@ The format of this file is described above.
 This file is used by the
 .Nm ssh
 client.
-This file does not usually contain any sensitive information,
-but the recommended permissions are read/write for the user, and not
-accessible by others.
+Because of the potential for abuse, this file must have strict permissions:
+read/write for the user, and not accessible by others.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those