- djm@cvs.openbsd.org 2004/04/19 13:02:40
[ssh.1 ssh_config.5]
document strict permission checks on ~/.ssh/config; prompted by,
with & ok jmc@
diff --git a/ChangeLog b/ChangeLog
index a06931c..0dfc4be 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@
perform strict ownership and modes checks for ~/.ssh/config files,
as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
+ - djm@cvs.openbsd.org 2004/04/19 13:02:40
+ [ssh.1 ssh_config.5]
+ document strict permission checks on ~/.ssh/config; prompted by,
+ with & ok jmc@
- (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change
20040419
@@ -1014,4 +1018,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3324 2004/04/20 10:11:57 djm Exp $
+$Id: ChangeLog,v 1.3325 2004/04/20 10:12:53 djm Exp $
diff --git a/ssh.1 b/ssh.1
index 31eb66c..053fedd 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.183 2004/04/19 13:02:40 djm Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -885,6 +885,8 @@
This is the per-user configuration file.
The file format and configuration options are described in
.Xr ssh_config 5 .
+Because of the potential for abuse, this file must have strict permissions:
+read/write for the user, and not accessible by others.
.It Pa $HOME/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described in the
diff --git a/ssh_config.5 b/ssh_config.5
index 05581ec..75637e3 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.30 2004/04/19 13:02:40 djm Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@@ -729,9 +729,8 @@
This file is used by the
.Nm ssh
client.
-This file does not usually contain any sensitive information,
-but the recommended permissions are read/write for the user, and not
-accessible by others.
+Because of the potential for abuse, this file must have strict permissions:
+read/write for the user, and not accessible by others.
.It Pa /etc/ssh/ssh_config
Systemwide configuration file.
This file provides defaults for those