Hi,

and that's another feature request. Sorry if it looks like some kind of
spamming, but our current maintainer was very stressed in the past and
had not time to forward those reports to you and now I help him a bit
out. So thanks for your patience and answering of all my mails with
bugreport and feature-request.

> Debian by default uses the user-group system. Each user has their own
> group. 002 is a reasonable umask to decide to use if you are using the
> user-group system. (It's hardly the only choice, but it is a valid choice.)

> However, ssh is excessively paranoid about files that are owned by a group,
> even if that group is a user-group.

> host: Remote: Bad file modes for /home/joey/.ssh/authorized_keys
> host: Server refused our key.
> user at host:~/.ssh>ls -l authorized_keys
> -rw-rw-r-- 1 user user 988 Jan 4 12:16 authorized_keys

> There is nothing "bad" about that file mode.

> My wishlist is that ssh have an option to make it accept files that are
> group writable. Call it anything you want, even
> "allow-insecure-file-group-modes", I don't particularly care..

Ciao
     Christian
-- 
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853

On Thu, Dec 28, 2000 at 02:23:49PM +0100, Christian Kurz wrote:
> > user at host:~/.ssh>ls -l authorized_keys
> > -rw-rw-r-- 1 user user 988 Jan 4 12:16 authorized_keys
>
> > There is nothing "bad" about that file mode.

in sshd's view it's "bad" since openssh does not know how many
users belong to the group. authorized_keys should not be group
writeable.

however, you can turn off StrictModes in sshd_config, but this is
a bad idea.

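An added example, not part of the original messages and not OpenSSH's code: a small audit function that approximates the kind of ownership and mode test behind the "Bad file modes" message, run against a constructed authorized_keys file with the 0664 mode from the report and then with 0644. The function name, the walk from the file up to the home directory, and the temporary directory layout are assumptions of this example.

```python
import os
import stat
import tempfile


def strict_modes_problems(path, uid, home):
    """Return reasons a StrictModes-style check would reject `path`.

    Walks from the file up to `home`, flagging anything not owned by
    `uid` or root, or writable by group or others (mode & 022).
    """
    problems = []
    current = os.path.realpath(path)
    home = os.path.realpath(home)
    while True:
        st = os.stat(current)
        if st.st_uid not in (0, uid):
            problems.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{current}: mode {mode:04o} is group/world writable")
        # Stop at the home directory, or at the filesystem root as a safety net.
        if current == home or current == os.path.dirname(current):
            break
        current = os.path.dirname(current)
    return problems


def demo():
    # Constructed layout: a throwaway "home" containing .ssh/authorized_keys.
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o755)
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o700)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-rsa CONSTRUCTED-PLACEHOLDER user@host\n")
        uid = os.getuid()
        os.chmod(keys, 0o664)  # what umask 002 produces, as in the report
        loose = strict_modes_problems(keys, uid, home)
        os.chmod(keys, 0o644)  # group write bit removed
        tight = strict_modes_problems(keys, uid, home)
        return loose, tight


if __name__ == "__main__":
    for label, result in zip(("0664", "0644"), demo()):
        print(label, result or "ok")
```
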
On Thu, 28 Dec 2000, Christian Kurz wrote:

> Hi,
>
> and that's another feature request. Sorry if it looks like some kind of
> spamming, but our current maintainer was very stressed in the past and
> had not time to forward those reports to you and now I help him a bit
> out. So thanks for your patience and answering of all my mails with
> bugreport and feature-request.

> > Debian by default uses the user-group system. Each user has their
> > own group. 002 is a reasonable umask to decide to use if you are
> > using the user-group system. (It's hardly the only choice, but it
> > is a valid choice.)

This should be a Debian-specific patch.

-d

-- 
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm at mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, /
| we know this is not true.'' - Robert Wilensky UCB  / http://www.mindrot.org