| author | Khem Raj <raj.khem@gmail.com> | 2024-10-11 12:42:51 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-10-15 11:47:24 +0100 |
| commit | cf4b9cfd42abd17247821fbad9aed0613a1b2c07 (patch) | |
| tree | a150db72fd91156b443b44d6fcd713c7a54ee99d | |
| parent | 87134b630f79e9faef50c58943ff7d27ddfbe65e (diff) | |
| download | poky-cf4b9cfd42abd17247821fbad9aed0613a1b2c07.tar.gz | |
openssh: Be more restrictive on private key file permissions

Sometimes default permissions on filesystems can be more permissive
e.g. 0644, this can make the private key file created here to inherit
those permissions and these permissions can then cause ssh server to
not allow ssh connections due to non-secure permissions on file.

Reported-by: Jean-Michel Papy <jean-michel.papy@exail.com>
(From OE-Core rev: 5c9f456cc39ca25123249ecb32b311736bd4e1f8)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd_check_keys | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 606d1894b5..bbb6a14908 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys | |||
| @@ -8,7 +8,7 @@ generate_key() { | |||
| 8 | mkdir -p "$DIR" | 8 | mkdir -p "$DIR" |
| 9 | rm -f ${FILE}.tmp | 9 | rm -f ${FILE}.tmp |
| 10 | ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE | 10 | ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE |
| 11 | 11 | chmod go-rwx "$FILE.tmp" | |
| 12 | # Atomically rename file public key | 12 | # Atomically rename file public key |
| 13 | mv -f "${FILE}.tmp.pub" "${FILE}.pub" | 13 | mv -f "${FILE}.tmp.pub" "${FILE}.pub" |
| 14 | 14 | ||
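Review bot: The `chmod go-rwx "$FILE.tmp"` on new line 11 only tightens the mode after `ssh-keygen` on line 10 has already written the private key, so the file exists for a short window with whatever permissions it was created with. Setting a restrictive umask (for example `umask 077` in a subshell around the `ssh-keygen` call) would make the file private from creation, and the chmod could stay as a safety net. Two smaller points on the same line: `go-rwx` leaves the owner bits as they were, so an explicit `chmod 600` would state the intended final mode, and the result of chmod is not checked before the `mv -f` on line 13, so a failed chmod still installs the key. For consistency with lines 9, 10 and 13, consider writing the path as `"${FILE}.tmp"`.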
