https://bugzilla.novell.com/show_bug.cgi?id=398250
User anicka@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=398250#c8
Anna Bernathova changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |security-team@suse.de
             Status|NEW                         |NEEDINFO
      Info Provider|                            |locilka@novell.com

--- Comment #8 from Anna Bernathova 2008-06-13 08:42:44 MDT ---
Yes, it is a design change, see man ssh(1):

     ~/.ssh/id_rsa
             Contains the private key for authentication. These files
             contain sensitive data and should be readable by the user but
             not accessible by others (read/write/execute). ssh will simply
             ignore a private key file if it is accessible by others. It is
             possible to specify a passphrase when generating the key which
             will be used to encrypt the sensitive part of this file using
             3DES.

I understand it is wrong to ignore keys that were not ignored before but I
think that backporting an ssh bug is a dumb way to go. If we are going to
address this problem, we should just fix the permissions. It is technically
possible to do it in openssh spec but I think that YaST should have much easier
work to do it - what do you think, Lukas?

As this is a security-related design change, I am adding the security team to
CC to make them aware.
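
The "fix the permissions" approach from comment #8, as an added example that is not part of the bug report and not code from openssh or YaST: shell functions that list private keys in a directory whose mode grants any group or other access (the condition under which the quoted man page says ssh ignores the key) and tighten them to 0600. The function names and the rule that a file counts as a private key when its first line is a PEM-style "PRIVATE KEY" header are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and repair private key permissions in one directory.

# Assumption: a private key is recognised by a PEM-style header on line 1,
# e.g. "-----BEGIN RSA PRIVATE KEY-----" or "-----BEGIN OPENSSH PRIVATE KEY-----".
is_private_key() {
    if head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
        return 0
    fi
    return 1
}

# True when any group/other permission bit is set.
# Characters 5-10 of the "ls -l" mode string are the group and other triplets.
mode_is_loose() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        return 0
    fi
    return 1
}

# Print one path per line: private keys directly under "$1" that are
# accessible by group or others. Symlinks and public keys are skipped.
find_loose_keys() {
    for f in "$1"/*; do
        if [ ! -f "$f" ] || [ -L "$f" ]; then continue; fi
        if ! is_private_key "$f"; then continue; fi
        if mode_is_loose "$f"; then printf '%s\n' "$f"; fi
    done
    return 0
}

# Restrict every loose private key under "$1" to owner read/write only.
fix_loose_keys() {
    find_loose_keys "$1" | while IFS= read -r f; do
        if chmod 600 -- "$f"; then printf 'fixed %s\n' "$f"; fi
    done
}

# Usage: find_loose_keys "$HOME/.ssh"   (report only)
#        fix_loose_keys  "$HOME/.ssh"   (report and repair)
```

Only the private key files are changed; public keys such as id_rsa.pub keep their existing mode.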