[openssh] the private keys may be 640 root:ssh_keys ssh_keysign is sgid

Jan F. Chadima jfch2222 at fedoraproject.org
Fri Apr 22 09:30:56 UTC 2011


commit 71bf983fca360479740312d7acbe4e33457fda7e
Author: Jan F <jfch at cauvin.jagda.eu>
Date:   Fri Apr 22 11:30:31 2011 +0200

    the private keys may be 640 root:ssh_keys ssh_keysign is sgid

 sshd.init |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/sshd.init b/sshd.init
index 889c776..7666070 100755
--- a/sshd.init
+++ b/sshd.init
@@ -51,7 +51,8 @@ do_rsa1_keygen() {
 		echo -n $"Generating SSH1 RSA host key: "
 		rm -f $RSA1_KEY
 		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA1_KEY
+			chgrp ssh_keys $RSA1_KEY
+			chmod 640 $RSA1_KEY
 			chmod 644 $RSA1_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $RSA1_KEY.pub
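Review bot: The result of `chgrp ssh_keys $RSA1_KEY` is not checked, so if the `ssh_keys` group does not exist or the chgrp fails, the `chmod 640` that follows still runs and leaves the private host key readable by whatever group the file was created with (most likely root's primary group). Chaining the two keeps the key owner-only in that case: `chgrp ssh_keys $RSA1_KEY && chmod 640 $RSA1_KEY || chmod 600 $RSA1_KEY`. The same unchecked pair appears in the do_rsa_keygen and do_dsa_keygen hunks. The function bodies start and end outside the hunks, so any later error handling is not visible here.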
@@ -71,7 +72,8 @@ do_rsa_keygen() {
 		echo -n $"Generating SSH2 RSA host key: "
 		rm -f $RSA_KEY
 		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA_KEY
+			chgrp ssh_keys $RSA_KEY
+			chmod 640 $RSA_KEY
 			chmod 644 $RSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $RSA_KEY.pub
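Review bot: Nothing in the script records why the private host key is now group-readable, so a later maintainer could reasonably tighten 640 back to 600 and break the helper. A comment above the `chgrp` line would prevent that, for example `# root:ssh_keys 640 so the setgid ssh-keysign helper can read the host key; the group should have no members`. The reason is taken from the commit title; whether the group is meant to stay memberless is an assumption to confirm with the packaging, since any account in `ssh_keys` could read every host private key. This applies equally to the RSA1 and DSA hunks.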
@@ -91,7 +93,8 @@ do_dsa_keygen() {
 		echo -n $"Generating SSH2 DSA host key: "
 		rm -f $DSA_KEY
 		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $DSA_KEY
+			chgrp ssh_keys $DSA_KEY
+			chmod 640 $DSA_KEY
 			chmod 644 $DSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $DSA_KEY.pub
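Review bot: Only freshly generated keys receive the new group and mode, because the `chgrp`/`chmod 640` pair sits inside the branch taken after `$KEYGEN` succeeds. Host keys that already exist on an upgraded system would presumably stay 600 root:root. If ssh-keysign now runs setgid `ssh_keys` instead of setuid root, it could not read those keys and host-based authentication would fail on such hosts. The start of do_dsa_keygen is outside the hunk, so the existing-key path is not visible; it is worth confirming that the package scriptlets or this script adjust existing keys as well. The same holds for the RSA1 and RSA hunks.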

