[openssh] the private keys may be 640 root:ssh_keys ssh_keysign is sgid
Jan F. Chadima
jfch2222 at fedoraproject.org
Fri Apr 22 09:30:56 UTC 2011
commit 71bf983fca360479740312d7acbe4e33457fda7e
Author: Jan F <jfch at cauvin.jagda.eu>
Date: Fri Apr 22 11:30:31 2011 +0200
the private keys may be 640 root:ssh_keys ssh_keysign is sgid
sshd.init | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/sshd.init b/sshd.init
index 889c776..7666070 100755
--- a/sshd.init
+++ b/sshd.init
@@ -51,7 +51,8 @@ do_rsa1_keygen() {
echo -n $"Generating SSH1 RSA host key: "
rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $RSA1_KEY
+ chgrp ssh_keys $RSA1_KEY
+ chmod 640 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
@@ -71,7 +72,8 @@ do_rsa_keygen() {
echo -n $"Generating SSH2 RSA host key: "
rm -f $RSA_KEY
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $RSA_KEY
+ chgrp ssh_keys $RSA_KEY
+ chmod 640 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
@@ -91,7 +93,8 @@ do_dsa_keygen() {
echo -n $"Generating SSH2 DSA host key: "
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $DSA_KEY
+ chgrp ssh_keys $DSA_KEY
+ chmod 640 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
More information about the scm-commits
mailing list