openssh bugs - Sep 2021 - [Bug 3347] New: Option to override file permission restrictions

https://bugzilla.mindrot.org/show_bug.cgi?id=3347

            Bug ID: 3347
           Summary: Option to override file permission restrictions
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: macdjord at gmail.com

`ssh` enforces that certain files have restricted access permissions -
e.g. that `.ssh/config` not be writeable by anyone but the user, and
that private key files not be writable or readable - or else the file
will be ignored. This is a good security practice, and makes sense as
the default. However, there are times when it is *not* possible to
satisfy these requirements, and for such situations there needs to be
an option to override or bypass these restrictions when that happens.

For example, my own use case: I have a Linux VM which has some
directories mapped in from the Windows host machine. Since the Windows
file system doesn't support Unix-style file permissions, everything in
these mounted directories appears permanently world-writable, which
makes it *impossible* to use any SSH key or config files inside there.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3347

Jordan Macdonald <macdjord at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |macdjord at gmail.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3347

Will B <will.brokenbourgh2877 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |will.brokenbourgh2877 at gmail
                   |                            |.com

--- Comment #1 from Will B <will.brokenbourgh2877 at gmail.com> ---
I would also like to request this.  I understand the implications on
Unix-like systems, but for Windows this is a major time-waster.  It
took about 15 minutes too long to do a simple scp using an id file on
Windows.  I had to find and implement the Windows file security
settings that would be acceptable to OpenSSH -- for *one* file -- then
actually get on with the task of performing the scp.

Maybe to some this is a minor thing, but when time is money, and
Microsoft is using your project, this should definitely be either
bypassed or a setting provided.  Without cygwin or msys, you cannot
simply issue chmod 600 * on Windows and everything is then okay.

Thanks! :-)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.