Please correct the authorized_keys permissions in the man page. The man page only says "It is recommended that it not be accessible by others" but it should say "It is required that it not be accessible by any other users." I'm refering to the man page for sshd, the Files section, the authorized_keys sub-bullet.
hm, it's just required for StrictModes=yes.
Created attachment 340 [details] Change authorized_keys description. How about something like the attached? Or should this bug be closed as WONTFIX?
I'm not following the complaint here.. $ ls -l .ssh/authorized_keys -rw-r--r-- 1 mouring mouring 460 Apr 27 02:09 .ssh/authorized_keys $ grep Strict /etc/ssh/sshd_config #StrictModes yes I have zero problems with this configuration. So the manpage is correct. Recommended but not required even with StrictMode. Doing a quick source check to verify my memory the StrictMode ensures 022 mask on most files/directories along with uid ownership. BTW, ssh manpage has the same section. So remember to check other manpages to ensure your keeping consistancy.
Mass change of RESOLVED bugs to CLOSED