Bug#314649: Bug#314347: openssh-client: "Bad owner or permissions on $HOME/.ssh/config" check too aggressive
tags 314347 pending
thanks
On Wed, Jun 15, 2005 at 03:59:38PM -0500, Branden Robinson wrote:
> 1148 {0} branden@sisyphus:~/packages/xorg-x11/svn/trunk/debian$ svn up
> Bad owner or permissions on /home/branden/.ssh/config
> svn: Connection closed unexpectedly
> 1149 {1} branden@sisyphus:~/packages/xorg-x11/svn/trunk/debian$ l -l $HOME/.ssh/config
> -rw-rw-r-- 1 branden branden 125 Jun 26 2004 /home/branden/.ssh/config
> 1150 {0} branden@sisyphus:~/packages/xorg-x11/svn/trunk/debian$ chmod 644 /home/branden/.ssh/config
> 1151 {0} branden@sisyphus:~/packages/xorg-x11/svn/trunk/debian$ svn up
> At revision 220.
>
> I think that check is excessively paranoid.
Evidently I made all my ~/.ssh/config files mode 0644 ages ago for some
other reason, since I never noticed this change in behaviour ...
> I can think of a few possibilities for resolving this bug:
[...]
> 2) Simply tolerate group-writable files if the group name in question is
> identical to the user name.
>
> 3) Alternatively or additionally to 2), ensure that the user is the only
> member of the group owning the group-writable file.
The combination of these two suggestions seems to be the best fix. I've
implemented this in CVS and sent a patch upstream.
> 5) As part of the many migrations done to the new openssh world order, walk
> /home and chmod g-w on all .ssh/config files. Some people might
> consider this intrusive, though, and it doesn't prevent the creation of
> new accounts with this problem.
That would run into problems with NFS, too.
On Fri, Jun 17, 2005 at 12:59:45PM -0400, Frederic Briere wrote:
> I assume this is an attempt to make sure ~/.ssh/config is 0600 or
> something.
Actually, it's really to check that it's not *writable* by other
parties. The relevant ChangeLog entry says:
- djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c]
perform strict ownership and modes checks for ~/.ssh/config files,
as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
> * There's no mention of this behavior in the documentation
ssh(1) says:
$HOME/.ssh/config
This is the per-user configuration file. The file format
and configuration options are described in ssh_config(5).
Because of the potential for abuse, this file must have
strict permissions: read/write for the user, and not
accessible by others.
ssh_config(5) has similar text.
Cheers,
--
Colin Watson [cjwatson@debian.org]
Reply to: