[Security]Check file permissions of system wide ssh_config file. #1753

bagajjal · 2021-03-11T23:04:06Z

Windows don't have a system-wide ssh folder ($env:Programdata\ssh) by default.
Assume a non-admin user creates the system-wide ssh folder and then the admin user installs the win32-OpenSSH.
Admin user later manually creates the system-wide ssh_config ($env:Programdata\ssh\ssh_config). By default, this file inherits the parent folder permissions i.e., the non-admin user has the write permission.
This is not desirable.

Proposed fix - ssh.exe should check the file permissions on system-wide ssh_config file. If this file has write permissions for non admin users then fail the ssh connection.

bagajjal · 2021-03-12T02:46:44Z

Associated upstream bug,
https://bugzilla.mindrot.org/show_bug.cgi?id=3277

OpenBSD team plan to fix this in next version i.e., OpenSSH v8.6

bagajjal self-assigned this Mar 11, 2021

bagajjal added this to the V8.5.0.0 milestone Mar 11, 2021

bagajjal mentioned this issue Mar 11, 2021

Check systemwide ssh config file permissions PowerShell/openssh-portable#483

Merged

bagajjal closed this as completed Mar 12, 2021

bagajjal changed the title ~~Check file permissions of system wide ssh_config file.~~ [Security]Check file permissions of system wide ssh_config file. May 14, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security]Check file permissions of system wide ssh_config file. #1753

[Security]Check file permissions of system wide ssh_config file. #1753

bagajjal commented Mar 11, 2021 •

edited

Loading

bagajjal commented Mar 12, 2021 •

edited

Loading

[Security]Check file permissions of system wide ssh_config file. #1753

[Security]Check file permissions of system wide ssh_config file. #1753

Comments

bagajjal commented Mar 11, 2021 • edited Loading

bagajjal commented Mar 12, 2021 • edited Loading

bagajjal commented Mar 11, 2021 •

edited

Loading

bagajjal commented Mar 12, 2021 •

edited

Loading