Bug 2078

Summary: Documentation claims ~.ssh/config must not be accessible by others when actually it must not be readable
Product: Portable OpenSSH Reporter: Paul Gotch <p.r.gotch>
Component: DocumentationAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: minor CC: djm
Priority: P5    
Version: 5.9p1   
Hardware: Other   
OS: Linux   
Bug Depends on:    
Bug Blocks: 2076    

Description Paul Gotch 2013-03-12 23:35:32 AEDT 
The ssh man page claims

~/.ssh/config
This is the per-user configuration file.  The file format and
configuration options are described in ssh_config(5).  Because of
the potential for abuse, this file must have strict permissions:
read/write for the user, and not accessible by others.

However in fact this file must only not be writeable by others and this is what ssh checks for.
Comment 1 Damien Miller 2013-07-18 11:12:41 AEST 
-read/write for the user, and not accessible by others.
+read/write for the user, and not writable by others.

committed and will be in openssh-6.3
Comment 2 Damien Miller 2015-08-11 23:03:12 AEST 
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1