Bug#274076: ssh-copy-id does not fix permissions as advertised by the man page
Package: ssh
Version: 1:3.8.1p1-8
Severity: normal
According to ssh-copy-id(1), ssh-copy-id is supposed to fix
the permissions of ~, ~/.ssh and ~/.ssh/authorized_keys:
--8<---
It also changes the permissions of the remote user's home, ~/.ssh, and
~/.ssh/authorized_keys to remove group writability (which would other-
wise prevent you from logging in, if the remote sshd has StrictModes
set in its configuration).
--8<---
However all it actually does is creating ~/.ssh and
~/.ssh/authorized_keys with the proper permissions if they do
not exist already.
It does not care at all about the permissions of the user's home
directory.
elmar
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.4.25-grsecurity-1.9.14
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8
Versions of packages ssh depends on:
ii adduser 3.59 Add and remove users and groups
ii debconf 1.4.36 Debian configuration management sy
ii dpkg 1.10.23 Package maintenance system for Deb
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7d-5 SSL shared libraries
ii libwrap0 7.6.dbs-6 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.1.2-1 compression library - runtime
-- debconf information:
ssh/insecure_rshd:
ssh/privsep_ask: true
* ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/upgrade_to_openssh: true
* ssh/SUID_client: false
ssh/protocol2_default:
* ssh/privsep_tell:
* ssh/ssh2_keys_merged:
ssh/ancient_version:
ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
Reply to: