[openssh] Fix permissions of sshd private keys created by sshd-keygen script (#754779)
Tomáš Mráz
tmraz at fedoraproject.org
Fri Nov 18 08:26:54 UTC 2011
commit 81da99ed9bb19f029edfb92f6a8839886777db49
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Nov 18 09:26:19 2011 +0100
Fix permissions of sshd private keys created by sshd-keygen script (#754779)
openssh.spec | 1 +
sshd-keygen | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index 2faee2d..65b800e 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -784,6 +784,7 @@ fi
%changelog
* Fri Nov 18 2011 Tomas Mraz <tmraz at redhat.com> - 5.9p1-12 + 0.9.2-32
- still support /etc/sysconfig/sshd loading in sshd service (#754732)
+- fix incorrect key permissions generated by sshd-keygen script (#754779)
* Fri Oct 14 2011 Tomas Mraz <tmraz at redhat.com> - 5.9p1-11 + 0.9.2-32
- remove unnecessary requires on initscripts
diff --git a/sshd-keygen b/sshd-keygen
index 2a85f0f..c34c7a7 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -23,7 +23,7 @@ do_rsa1_keygen() {
rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA1_KEY
- chmod 640 $RSA1_KEY
+ chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
@@ -44,7 +44,7 @@ do_rsa_keygen() {
rm -f $RSA_KEY
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA_KEY
- chmod 640 $RSA_KEY
+ chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
@@ -65,7 +65,7 @@ do_dsa_keygen() {
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $DSA_KEY
- chmod 640 $DSA_KEY
+ chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
More information about the scm-commits
mailing list