Add ~/.ssh/id_dsa and ~/.ssh/id_rsa to the "must be owned by user and

not readable by other" block.  Remove ~/.ssh/random_seed as it is
not used in OpenSSH.

Add ~/.ssh/authorized_keys2, and ~/.ssh/known_hosts to the "must be
owned by user and not writable"  block.

1 files changed, 5 insertions, 4 deletions

diff --git a/etc/security b/etc/security
index 1fa7a69a761..202f5d9feff 100644
--- a/etc/security
+++ b/etc/security
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$OpenBSD: security,v 1.44 2001/01/31 19:12:10 deraadt Exp $
+#	$OpenBSD: security,v 1.45 2001/03/16 15:38:13 millert Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
 #
 
@@ -374,7 +374,7 @@ fi
 
 # Files that should not be owned by someone else or readable.
 list=".netrc .rhosts .gnupg/secring.gpg .gnupg/random_seed \
-	.pgp/secring.pgp .shosts .ssh/identity .ssh/random_seed"
+	.pgp/secring.pgp .shosts .ssh/identity .ssh/id_dsa .ssh/id_rsa"
 awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
 while read uid homedir; do
 	for f in $list ; do
@@ -399,8 +399,9 @@ awk '$1 != $5 && $5 != "root" \
 list=".bashrc .bash_profile .bash_login .bash_logout .cshrc \
       .emacs .exrc .forward .fvwmrc .inputrc .klogin .kshrc .login \
       .logout .nexrc .profile .screenrc .ssh .ssh/config \
-      .ssh/authorized_keys .ssh/environment .ssh/known_hosts .ssh/rc \
-      .tcshrc .twmrc .xsession .xinitrc .Xdefaults .Xauthority"
+      .ssh/authorized_keys .ssh/authorized_keys2 .ssh/environment \
+      .ssh/known_hosts .ssh/rc .tcshrc .twmrc .xsession .xinitrc \
+      .Xdefaults .Xauthority"
 awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
 while read uid homedir; do
 	for f in $list ; do