-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ssh.1 | 4 | ||||
-rw-r--r-- | ssh_config.5 | 7 |
3 files changed, 11 insertions, 6 deletions
@@ -9,6 +9,10 @@ | |||
9 | perform strict ownership and modes checks for ~/.ssh/config files, | 9 | perform strict ownership and modes checks for ~/.ssh/config files, |
10 | as these can be used to execute arbitrary programs; ok markus@ | 10 | as these can be used to execute arbitrary programs; ok markus@ |
11 | NB. ssh will now exit when it detects a config with poor permissions | 11 | NB. ssh will now exit when it detects a config with poor permissions |
12 | - djm@cvs.openbsd.org 2004/04/19 13:02:40 | ||
13 | [ssh.1 ssh_config.5] | ||
14 | document strict permission checks on ~/.ssh/config; prompted by, | ||
15 | with & ok jmc@ | ||
12 | - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change | 16 | - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change |
13 | 17 | ||
14 | 20040419 | 18 | 20040419 |
@@ -1014,4 +1018,4 @@ | |||
1014 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1018 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1015 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1019 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1016 | 1020 | ||
1017 | $Id: ChangeLog,v 1.3324 2004/04/20 10:11:57 djm Exp $ | 1021 | $Id: ChangeLog,v 1.3325 2004/04/20 10:12:53 djm Exp $ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.183 2004/04/19 13:02:40 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -885,6 +885,8 @@ the convenience of the user. | |||
885 | This is the per-user configuration file. | 885 | This is the per-user configuration file. |
886 | The file format and configuration options are described in | 886 | The file format and configuration options are described in |
887 | .Xr ssh_config 5 . | 887 | .Xr ssh_config 5 . |
888 | Because of the potential for abuse, this file must have strict permissions: | ||
889 | read/write for the user, and not accessible by others. | ||
888 | .It Pa $HOME/.ssh/authorized_keys | 890 | .It Pa $HOME/.ssh/authorized_keys |
889 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. | 891 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
890 | The format of this file is described in the | 892 | The format of this file is described in the |
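Review bot: The two lines added at 888-889 of ssh.1 give the required mode but say nothing about ownership or about what happens when the check fails, although the ChangeLog entry for the code change describes "strict ownership and modes checks" and notes that ssh "will now exit when it detects a config with poor permissions". Suggest stating the ownership requirement alongside the mode and adding that ssh exits when the check fails, so a user who hits the new exit can find the cause in this FILES entry.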
diff --git a/ssh_config.5 b/ssh_config.5 index 05581ece4..75637e316 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.30 2004/04/19 13:02:40 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -729,9 +729,8 @@ The format of this file is described above. | |||
729 | This file is used by the | 729 | This file is used by the |
730 | .Nm ssh | 730 | .Nm ssh |
731 | client. | 731 | client. |
732 | This file does not usually contain any sensitive information, | 732 | Because of the potential for abuse, this file must have strict permissions: |
733 | but the recommended permissions are read/write for the user, and not | 733 | read/write for the user, and not accessible by others. |
734 | accessible by others. | ||
735 | .It Pa /etc/ssh/ssh_config | 734 | .It Pa /etc/ssh/ssh_config |
736 | Systemwide configuration file. | 735 | Systemwide configuration file. |
737 | This file provides defaults for those | 736 | This file provides defaults for those |
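Review bot: "Because of the potential for abuse" at new lines 732-733 of ssh_config.5 does not say what the abuse is, and it replaces a sentence that told readers the file "does not usually contain any sensitive information". The ChangeLog gives the concrete reason, that these files "can be used to execute arbitrary programs"; suggest saying that here, so the move from recommended to required permissions is explained rather than only asserted.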