- mcbride@cvs.openbsd.org 2008/02/09 12:15:43

[ssh.1 sshd.8] Document the correct permissions for the ~/.ssh/ directory. ok jmc
author: Damien Miller <djm@mindrot.org> 2008-02-10 22:46:22 +1100
committer: Damien Miller <djm@mindrot.org> 2008-02-10 22:46:22 +1100
commit: 520e61552a67c95dcf9b423241a0e4454ae911ef (patch)
tree: 447297218be1a40bbdb2fdf85e1306b557225eca
parent: 70433b5d7310b03a02424fecf7f40a756fee22ae (diff)
3 files changed, 23 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 0324cbbbd..c941fb892 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -71,6 +71,10 @@
   - markus@cvs.openbsd.org 2008/02/04 21:53:00
     [session.c sftp-server.c sftp.h]
     link sftp-server into sshd; feedback and ok djm@
+   - mcbride@cvs.openbsd.org 2008/02/09 12:15:43
+     [ssh.1 sshd.8]
+     Document the correct permissions for the ~/.ssh/ directory.
+     ok jmc
 20080119
 - (djm) Silence noice from expr in ssh-copy-id; patch from
@@ -3599,4 +3603,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4834 2008/02/10 11:29:40 djm Exp $
+$Id: ChangeLog,v 1.4835 2008/02/10 11:46:22 djm Exp $
diff --git a/ssh.1 b/ssh.1
index 81d404702..35e29cc0c 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.271 2008/01/19 19:13:28 djm Exp $
+.\" $OpenBSD: ssh.1,v 1.272 2008/02/09 12:15:43 mcbride Exp $
-.Dd $Mdocdate: January 19 2008 $
+.Dd $Mdocdate: February 9 2008 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1245,6 +1245,13 @@ This file is used in exactly the same way as
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp
+.It ~/.ssh/
+This directory is the default location for all user-specific configuration
+and authentication information.
+There is no general requirement to keep the entire contents of this directory
+secret, but the recommended permissions are read/write/execute for the user,
+and not accessible by others.
+.Pp
 .It ~/.ssh/authorized_keys
 Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described in the
diff --git a/sshd.8 b/sshd.8
index 66dc7c0eb..eff66eb0c 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.237 2007/06/07 19:37:34 pvalchev Exp $
+.\" $OpenBSD: sshd.8,v 1.238 2008/02/09 12:15:43 mcbride Exp $
-.Dd $Mdocdate: June 11 2007 $
+.Dd $Mdocdate: February 9 2008 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -682,6 +682,13 @@ This file is used in exactly the same way as
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp
+.It ~/.ssh/
+This directory is the default location for all user-specific configuration
+and authentication information.
+There is no general requirement to keep the entire contents of this directory
+secret, but the recommended permissions are read/write/execute for the user,
+and not accessible by others.
+.Pp
 .It ~/.ssh/authorized_keys
 Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described above.
author	Damien Miller <djm@mindrot.org>	2008-02-10 22:46:22 +1100
committer	Damien Miller <djm@mindrot.org>	2008-02-10 22:46:22 +1100
commit	520e61552a67c95dcf9b423241a0e4454ae911ef (patch)
tree	447297218be1a40bbdb2fdf85e1306b557225eca
parent	70433b5d7310b03a02424fecf7f40a756fee22ae (diff)