Added chgrp None ~/.ssh/* hack to FAQ item 4.40

2 files changed, 25 insertions, 0 deletions

diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog
index 91d80a9ed..8737ced2c 100644
--- a/winsup/doc/ChangeLog
+++ b/winsup/doc/ChangeLog
@@ -1,3 +1,8 @@
+2015-02-24  Warren Young  <warren@etr-usa.com>
+
+	* faq-using.xml (faq.using.ssh-pubkey-stops-working): Added the
+	chgrp None ~/.ssh/* fix for SSH key failure in Cygwin 1.7.34+.
+
 2015-02-17  Warren Young  <warren@etr-usa.com>
 
 	* faq-using.xml (faq.using.startup-slow): Applied Andrey Repin's
diff --git a/winsup/doc/faq-using.xml b/winsup/doc/faq-using.xml
index 14bc9ffd8..9351bc850 100644
--- a/winsup/doc/faq-using.xml
+++ b/winsup/doc/faq-using.xml
@@ -1125,6 +1125,26 @@ be not too open:</para>
   -rw-------  1 user group 1766 Aug 26  2013 .ssh/id_rsa
 </screen>
 
+<para>If the second <command>ls</command> command still gives you
+<computeroutput>-rw-rw----</computeroutput> permissions after running
+the above commands, it is proably because the file's primary group
+is your user's personal group:</para>
+
+<screen>
+  $ ls -l .ssh/id_rsa
+  -rw-rw----  1 Fred Fred 1766 Aug 26  2013 .ssh/id_rsa
+</screen>
+
+<para>Since the Windows security system treats groups and users as
+much the same thing, a change to the user or group permissions on
+such a file reflects the change to both user and group. In effect,
+mode 0600 becomes mode 0660. Because we are saying we want these
+files to be readable only by our user, the fix for this is easy:</para>
+
+<screen>
+  $ chgrp None ~/.ssh/*
+</screen>
+
 <para>For more information on <command>setfacl</command>, see
 <ulink url="https://cygwin.com/cygwin-ug-net/using-utils.html#setfacl"/></para>
 </answer></qandaentry>