- djm@cvs.openbsd.org 2004/04/19 13:02:40

     [ssh.1 ssh_config.5]
     document strict permission checks on ~/.ssh/config; prompted by,
     with & ok jmc@

3 files changed, 11 insertions, 6 deletions

diff --git a/ChangeLog b/ChangeLog
index a06931c6e..0dfc4bebc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@
      perform strict ownership and modes checks for ~/.ssh/config files, 
      as these can be used to execute arbitrary programs; ok markus@
      NB. ssh will now exit when it detects a config with poor permissions
+   - djm@cvs.openbsd.org 2004/04/19 13:02:40
+     [ssh.1 ssh_config.5]
+     document strict permission checks on ~/.ssh/config; prompted by, 
+     with & ok jmc@
  - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change
 
 20040419
@@ -1014,4 +1018,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3324 2004/04/20 10:11:57 djm Exp $
+$Id: ChangeLog,v 1.3325 2004/04/20 10:12:53 djm Exp $
diff --git a/ssh.1 b/ssh.1
index 31eb66c97..053fedd28 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.183 2004/04/19 13:02:40 djm Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -885,6 +885,8 @@ the convenience of the user.
 This is the per-user configuration file.
 The file format and configuration options are described in
 .Xr ssh_config 5 .
+Because of the potential for abuse, this file must have strict permissions:
+read/write for the user, and not accessible by others.
 .It Pa $HOME/.ssh/authorized_keys
 Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described in the
diff --git a/ssh_config.5 b/ssh_config.5
index 05581ece4..75637e316 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.30 2004/04/19 13:02:40 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -729,9 +729,8 @@ The format of this file is described above.
 This file is used by the
 .Nm ssh
 client.
-This file does not usually contain any sensitive information,
-but the recommended permissions are read/write for the user, and not
-accessible by others.
+Because of the potential for abuse, this file must have strict permissions:
+read/write for the user, and not accessible by others.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those