Added chgrp None ~/.ssh/* hack to FAQ item 4.40

2015-02-25 01:09:38 +00:00 · 2015-02-25 01:09:38 +00:00 · 2fdce9d618
parent ad8d295e7c
commit 2fdce9d618
2 changed files with 25 additions and 0 deletions
--- a/winsup/doc/ChangeLog
+++ b/winsup/doc/ChangeLog
@ -1,3 +1,8 @@
+2015-02-24  Warren Young  <warren@etr-usa.com>
+
+	* faq-using.xml (faq.using.ssh-pubkey-stops-working): Added the
+	chgrp None ~/.ssh/* fix for SSH key failure in Cygwin 1.7.34+.
+
 2015-02-17  Warren Young  <warren@etr-usa.com>

 	* faq-using.xml (faq.using.startup-slow): Applied Andrey Repin's
--- a/winsup/doc/faq-using.xml
+++ b/winsup/doc/faq-using.xml
@ -1125,6 +1125,26 @@ be not too open:</para>
  -rw-------  1 user group 1766 Aug 26  2013 .ssh/id_rsa
 </screen>

+<para>If the second <command>ls</command> command still gives you
+<computeroutput>-rw-rw----</computeroutput> permissions after running
+the above commands, it is proably because the file's primary group
+is your user's personal group:</para>
+
+<screen>
+  $ ls -l .ssh/id_rsa
+  -rw-rw----  1 Fred Fred 1766 Aug 26  2013 .ssh/id_rsa
+</screen>
+
+<para>Since the Windows security system treats groups and users as
+much the same thing, a change to the user or group permissions on
+such a file reflects the change to both user and group. In effect,
+mode 0600 becomes mode 0660. Because we are saying we want these
+files to be readable only by our user, the fix for this is easy:</para>
+
+<screen>
+  $ chgrp None ~/.ssh/*
+</screen>
+
 <para>For more information on <command>setfacl</command>, see
 <ulink url="https://cygwin.com/cygwin-ug-net/using-utils.html#setfacl"/></para>
 </answer></qandaentry>