diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2004-04-19 13:02:41 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2004-04-19 13:02:41 +0000 |
| commit | 58f12ce9cc5a652c072dd442ff880c41a6065056 (patch) | |
| tree | 38e6781f820a634fb9ec5869af1db9ebbf2508a1 | |
| parent | 4c0efe80af837273c04171822b6ad6097e8d1049 (diff) | |
document strict permission checks on ~/.ssh/config; prompted by, with & ok jmc@
| -rw-r--r-- | usr.bin/ssh/ssh.1 | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh_config.5 | 7 |
2 files changed, 6 insertions, 5 deletions
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 31eb66c979b..053fedd2894 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.183 2004/04/19 13:02:40 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -885,6 +885,8 @@ the convenience of the user. This is the per-user configuration file. The file format and configuration options are described in .Xr ssh_config 5 . +Because of the potential for abuse, this file must have strict permissions: +read/write for the user, and not accessible by others. .It Pa $HOME/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 05581ece47c..75637e316eb 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.30 2004/04/19 13:02:40 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -729,9 +729,8 @@ The format of this file is described above. This file is used by the .Nm ssh client. -This file does not usually contain any sensitive information, -but the recommended permissions are read/write for the user, and not -accessible by others. +Because of the potential for abuse, this file must have strict permissions: +read/write for the user, and not accessible by others. .It Pa /etc/ssh/ssh_config Systemwide configuration file. This file provides defaults for those |