Bug 1786 - ssh-copy-id's man page is misleading w.r.t. changing permissions
Summary: ssh-copy-id's man page is misleading w.r.t. changing permissions
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 5.5p1
Hardware: All All
: P2 minor
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_5_6
  Show dependency treegraph
 
Reported: 2010-06-22 06:52 AEST by asguthrie
Modified: 2010-08-27 10:27 AEST (History)
2 users (show)

See Also:

Attachments
ssh-copy-id man page update (1.47 KB, patch)
2010-06-22 06:53 AEST, asguthrie 		djm: ok+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description asguthrie 2010-06-22 06:52:21 AEST 
"It also changes the permissions of the remote user’s home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would otherwise prevent you from logging in, if the remote sshd has StrictModes set in its configuration)."

However, aside from setting an appropriate umask before creating a .ssh directory (if none exists), it doesn't do this. In particular, if .ssh exists and is group-writable, then it will remain group-writable, causing the key to be ignored by sshd if StrictModes is on.

A patch for the man page is attached.

Thanks to Steve Dee for the initial report and patch in Ubuntu (LP: #156049)
Comment 1 asguthrie 2010-06-22 06:53:13 AEST 
Created attachment 1881 [details]
ssh-copy-id man page update
Comment 2 Darren Tucker 2010-07-19 14:00:36 AEST 
Comment on attachment 1881 [details]
ssh-copy-id man page update

looks reasonable to me.
Comment 3 Darren Tucker 2010-07-19 21:25:41 AEST 
patch applied and will be in 5.6p1.  Thanks.
Comment 4 Darren Tucker 2010-08-27 10:27:51 AEST 
With the release of OpenSSH 5.6p1 this bug is now considered closed.  If you have further problems please reopen or file a new bug as appropriate.