My initial problem: I am using git with SSH for authentication. Each time I push/pull, I get "The authenticity of the host […] can’t be established", and after confirming to trust the host, I can connect successfully, but the confirmation is not recorded: "Failed to add the host to the list of known hosts (/Users/peterlefanulumsdaine/.ssh/known_hosts)."
The cause appears to be restrictive permissions/access control lists (ACLs) of the file ~/.ssh/known_hosts, as described e.g. here.
peterlefanulumsdaine$ ls -le ~/.ssh/
[…]
-rw-r--r--@ 1 peterlefanulumsdaine staff 6795 18 Feb 2015 known_hosts
0: group:everyone deny write,delete,append,writeattr,writeextattr,chown
and the obvious solution, as suggested at that link, is to clear the ACLs with sudo chmod -N ~/.ssh/known_hosts.
However, I am wary of changing permissions without knowing something about the reasons for the existing settings. So: why are the default permissions/ACLs for ~/.ssh/known_hosts restrictive, and is it safe to make them less restrictive by clearing the ACLs?
(I am on Yosemite, 10.10.5. I haven’t ever tinkered with ~/.ssh/known_hosts by hand. The only tools I directly use that I would guess might have affected it are ssh, git, and brew.)
Best Answer
It's perfectly safe. The unix permissions you have set there are enough. I don't have an ACL on my known_hosts file.
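An added example, not part of the original question or answer: a small shell function that reads `ls -le` output and reports ACL entries denying write or append, the condition shown on known_hosts above. The function names and the constructed sample lines are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag ACL entries in macOS `ls -le` output that deny write or
# append, the condition that prevents ssh from recording a new host key.

# Reads `ls -le` output on stdin; prints "<file>: <principal> denies <perms>".
# Assumes file names without spaces (true for the usual ~/.ssh contents).
find_write_deny_acls() {
    awk '
        # ACL entry, e.g. " 0: group:everyone deny write,delete,append,..."
        /^ *[0-9]+: / {
            for (i = 2; i < NF; i++) {
                if ($i != "deny") continue
                n = split($(i + 1), perms, ",")
                blocked = ""
                for (j = 1; j <= n; j++)
                    if (perms[j] == "write" || perms[j] == "append")
                        blocked = blocked (blocked == "" ? "" : ",") perms[j]
                if (blocked != "")
                    print file ": " $2 " denies " blocked
            }
            next
        }
        # File entry: remember the name so following ACL lines attach to it.
        /^[-dlbcps][-r][-w]/ { file = $NF }
    '
}

# Sample listing: the known_hosts entry and its ACL are from the question;
# the "total" and config lines are constructed for contrast.
sample_listing() {
    cat <<'EOF'
total 24
-rw-r--r--  1 peterlefanulumsdaine staff  312 18 Feb 2015 config
-rw-r--r--@ 1 peterlefanulumsdaine staff 6795 18 Feb 2015 known_hosts
 0: group:everyone deny write,delete,append,writeattr,writeextattr,chown
EOF
}

sample_listing | find_write_deny_acls
# On a Mac: ls -le ~/.ssh/ | find_write_deny_acls
```

Running the same check again after chmod -N should print nothing for known_hosts, since the deny entry is gone and only the Unix mode bits remain.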