summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@cvs.openbsd.org>2006-08-21 08:15:58 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2006-08-21 08:15:58 +0000
commitd2bc11fa4e1465a4d6300fac5279c53ef27ae8d3 (patch)
tree15165fc1f8e08753726eeafaff0b4d555dbb7261 /usr.bin
parent720e0d4375a93a27fa16a821f94aeff58df428ba (diff)
Add more detail about what permissions are and aren't accepted for
authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/sshd.818
1 files changed, 16 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index abe31ce32f5..af0238c4b09 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $
+.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -655,9 +655,23 @@ rlogin/rsh.
.It ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described above.
-This file is not highly sensitive, but the recommended
+The content of the file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
.Pp
+If this file, the
+.Pa ~/.ssh
+directory, or the user's home directory are writable
+by other users, then the file could be modified or replaced by unauthorized
+users.
+In this case,
+.Nm
+will not allow it to be used unless the
+.Cm StrictModes
+option has been set to
+.Dq no .
+The recommended permissions can be set by executing
+.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys .
+.Pp
.It ~/.ssh/environment
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with