Hi,

Working with apache-sshd I found that it forces ~/.ssh/config to be
owned by user without group/others permissions. It failed for me
within my valid openssh environment.

Within sources (readconf.c::read_config_file), I found that openssh
only enforces ownership by user and not group/others write.

When I opened an issue, I was referred to this[1] wiki page (not sure
who maintain it) claiming that:
"""
This file must not be accessible to other users in any way. Set strict
permissions: read/write for the user, and not accessible by others. It
may group-writable if and only if that user is the only member of the
group in question.
"""

Personally, I prefer the sources as a reference, but as this wiki page
is source for information for some, and find no reason why this file
is sensitive for read.

I would like to know what is the expected behaviour.

Regards,
Alon Bar-Lev.

[1] https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#.7E.2F.ssh.2Fconfig

On 15 November 2015 at 09:55, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
>
> Hi,
>
> Working with apache-sshd I found that it forces ~/.ssh/config to be
> owned by user without group/others permissions. It failed for me
> within my valid openssh environment.
>
> Within sources (readconf.c::read_config_file), I found that openssh
> only enforces ownership by user and not group/others write.
>
> When I opened an issue, I was referred to this[1] wiki page (not sure
> who maintain it) claiming that:
> """
> This file must not be accessible to other users in any way. Set strict
> permissions: read/write for the user, and not accessible by others. It
> may group-writable if and only if that user is the only member of the
> group in question.
> """
>
> Personally, I prefer the sources as a reference, but as this wiki page
> is source for information for some, and find no reason why this file
> is sensitive for read.
>
> I would like to know what is the expected behaviour.

Hi!
Anyone knows what is the expected behaviour?
Thanks!

>
> Regards,
> Alon Bar-Lev.
>
> [1] https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#.7E.2F.ssh.2Fconfig

As far as I'm aware, none of the developers have anything to do with
the wiki page. The man pages should describe the correct behaviour
and the source should implement it :)

On Wed, 18 Nov 2015, Alon Bar-Lev wrote:

> On 15 November 2015 at 09:55, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> >
> > Hi,
> >
> > Working with apache-sshd I found that it forces ~/.ssh/config to be
> > owned by user without group/others permissions. It failed for me
> > within my valid openssh environment.
> >
> > Within sources (readconf.c::read_config_file), I found that openssh
> > only enforces ownership by user and not group/others write.
> >
> > When I opened an issue, I was referred to this[1] wiki page (not sure
> > who maintain it) claiming that:
> > """
> > This file must not be accessible to other users in any way. Set strict
> > permissions: read/write for the user, and not accessible by others. It
> > may group-writable if and only if that user is the only member of the
> > group in question.
> > """
> >
> > Personally, I prefer the sources as a reference, but as this wiki page
> > is source for information for some, and find no reason why this file
> > is sensitive for read.
> >
> > I would like to know what is the expected behaviour.
>
> Hi!
> Anyone knows what is the expected behaviour?
> Thanks!
>
> >
> > Regards,
> > Alon Bar-Lev.
> >
> > [1] https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#.7E.2F.ssh.2Fconfig
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
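
The two policies compared in this thread, side by side, as an added example that is not code from OpenSSH, apache-sshd or any poster: the rule the first message reads out of readconf.c (owned by the user, no group/others write) and the stricter rule it attributes to apache-sshd (no group/others permissions at all). The function names, flag values and the temporary-file helper are assumptions made for illustration, and the wiki's "sole member of the group" exception is not modelled.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() and fchmod() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define POLICY_OWNER_NOWRITE 1  /* owned by user, no group/others write */
#define POLICY_OWNER_PRIVATE 2  /* owned by user, no group/others access */

/* Return a bitmask of the policies an open config file satisfies, or -1.
 * The check uses fstat() on the descriptor that will be read, so the file
 * cannot be swapped between the permission check and the read. */
int check_config_fd(int fd, uid_t user)
{
    struct stat sb;
    int ok = 0;

    if (fstat(fd, &sb) == -1)
        return -1;
    if (sb.st_uid != user)
        return 0;                              /* both policies need ownership */
    if ((sb.st_mode & (S_IWGRP | S_IWOTH)) == 0)
        ok |= POLICY_OWNER_NOWRITE;            /* others cannot alter the config */
    if ((sb.st_mode & (S_IRWXG | S_IRWXO)) == 0)
        ok |= POLICY_OWNER_PRIVATE;            /* others cannot even read it */
    return ok;
}

/* Constructed input: a temporary file with the given mode, owned by us. */
int check_mode(mode_t mode)
{
    char path[] = "/tmp/sshcfg-demo-XXXXXX";
    int fd = mkstemp(path), r;

    if (fd == -1)
        return -1;
    r = (fchmod(fd, mode) == -1) ? -1 : check_config_fd(fd, geteuid());
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    mode_t modes[] = { 0600, 0644, 0640, 0664 };
    for (size_t i = 0; i < sizeof(modes) / sizeof(modes[0]); i++)
        printf("%04o -> %d\n", (unsigned)modes[i], check_mode(modes[i]));
    return 0;
}
```

A file with mode 0644 passes only the first policy, which is the mismatch the original poster reports.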