[openssh/f16] Fix permissions of sshd private keys created by sshd-keygen script (#754779)
Tomáš Mráz
tmraz at fedoraproject.org
Fri Nov 18 09:06:13 UTC 2011
commit c3b5d2ecc760b1badab5db38f8891be6372c5266
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Nov 18 09:26:19 2011 +0100
Fix permissions of sshd private keys created by sshd-keygen script (#754779)
openssh.spec | 1 +
sshd-keygen | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index 6ef789d..93c0183 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -773,6 +773,7 @@ fi
%changelog
* Fri Nov 18 2011 Tomas Mraz <tmraz at redhat.com> - 5.8p2-21 + 0.9.2-31
- still support /etc/sysconfig/sshd loading in sshd service (#754732)
+- fix incorrect key permissions generated by sshd-keygen script (#754779)
* Tue Aug 9 2011 Jan F. Chadima <jchadima at redhat.com> - 5.8p2-20 + 0.9.2-31
- save ssh-askpass's debuginfo
diff --git a/sshd-keygen b/sshd-keygen
index 2a85f0f..c34c7a7 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -23,7 +23,7 @@ do_rsa1_keygen() {
rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA1_KEY
- chmod 640 $RSA1_KEY
+ chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
@@ -44,7 +44,7 @@ do_rsa_keygen() {
rm -f $RSA_KEY
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA_KEY
- chmod 640 $RSA_KEY
+ chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
@@ -65,7 +65,7 @@ do_dsa_keygen() {
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $DSA_KEY
- chmod 640 $DSA_KEY
+ chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
More information about the scm-commits
mailing list