https://bugzilla.mindrot.org/show_bug.cgi?id=2050
--- Comment #18 from Drew DeVault <[email protected]> --- (In reply to Dmitry V. Levin from comment #17) > The risk is that sensitive data would be accessed from a less secure > location than ~/.ssh/. I saw setups where ~/ and ~/.ssh/ > directories were out of user control, these setups would break. > > You're talking about defaults, they shouldn't change this way. But how does that happen? This is entirely hypothetical. No one is asking ssh-keygen to stop setting keys to 600. If you saw setups where ~/.ssh is "out of user control", causing things to break, what makes that any different from if ~/.config/ssh/ is "out of user control"? If you really, desperately don't want to change the defaults (something which has led to actual security problems in SSH, by the way, like generating less-secure RSA keys by default), then alternatives like SSH_XDG_* have been proposed as an incremental stepping stone. If you have arguments to make, *make* them, rather than just alluding to their approximate shape and making vague generalizations. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
