-rw-r--r--  ChangeLog   6
-rw-r--r--  sshd.8     18
2 files changed, 21 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 62fef2fc..200ce2a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@
[sshd_config.5]
Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
ok jmc@ djm@
+ - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
+ [sshd.8]
+ Add more detail about what permissions are and aren't accepted for
+ authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
20060824
- (dtucker) [openbsd-compat/basename.c] Include errno.h.
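Review bot: the new ChangeLog entry only mentions "what permissions are and aren't accepted for authorized_keys files", but the sshd.8 text it describes also documents for the first time that the check is skipped when StrictModes is set to "no"; naming StrictModes in the entry would make this change findable when someone later searches the ChangeLog for that option.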
@@ -5306,4 +5310,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4511 2006/08/30 01:06:34 djm Exp $
+$Id: ChangeLog,v 1.4512 2006/08/30 01:07:00 djm Exp $
diff --git a/sshd.8 b/sshd.8
index 778ea906..522279ee 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $
+.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
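Review bot: only the $OpenBSD$ id line is bumped here while the ".Dd September 25, 1999" line two lines below it is left as is, even though the second hunk adds a new paragraph of user-visible content; mdoc convention is to update .Dd whenever the page's content changes, so this hunk should also carry a ".Dd" line with the commit date.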
@@ -681,9 +681,23 @@ rlogin/rsh.
.It ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described above.
-This file is not highly sensitive, but the recommended
+The content of the file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
.Pp
+If this file, the
+.Pa ~/.ssh
+directory, or the user's home directory are writable
+by other users, then the file could be modified or replaced by unauthorized
+users.
+In this case,
+.Nm
+will not allow it to be used unless the
+.Cm StrictModes
+option has been set to
+.Dq no .
+The recommended permissions can be set by executing
+.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys .
+.Pp
.It ~/.ssh/environment
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
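Review bot: the recommended command "chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys" does not produce the permissions the preceding sentence recommends. The unchanged context line says the recommended permissions are "read/write for the user, and not accessible by others", i.e. mode 600 for authorized_keys, but go-w only strips the write bit and leaves the file group- and world-readable. Either add "chmod 600 ~/.ssh/authorized_keys" to the example, or say explicitly that go-w establishes the minimum sshd will accept (not writable by others) rather than the recommended permissions. Two smaller points in the same paragraph: "If this file, the ~/.ssh directory, or the user's home directory are writable" should read "is writable" (the subjects are joined by "or"), and "then the file could be modified or replaced by unauthorized users" would be clearer as "by another user", since the point is that any other local account could then inject keys for this user.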