Commit
feat: Set RH ssh key permissions when no 'ssh_keys' group (#5296)
Fedora core 38 and above, centos 10 stream and all distributions derived from them do not have the group 'ssh_keys'. Please see the fedora rawhide change
https://src.fedoraproject.org/rpms/openssh/c/7a21555354a2c5e724aa4c287b640c24bf108780?branch=rawhide

In those distributions, openssh versions are 9 and above. The private key permissions are set as 0o600 and the public key permissions are set as 0o644 from sshd-keygen utility. The 'root' group owns the keys. Please see
https://src.fedoraproject.org/rpms/openssh/c/b615362fd0b4da657d624571441cb74983de6e3f?branch=rawhide

In older releases where 'ssh_keys' group is present, the private key permissions are set as 0o640. Public key permissions are 0o644. These releases have openssh version less than 9.

Since cloud-init generates the keys and not the sshd-genkey utility, permissions must be set accordingly for cloud-init generated public and private keys for all cases. This includes cases where 'ssh_keys' group is absent. This change fixes this. The code has been reworked a little bit so as to simplify things. Unit tests have been adjusted accordingly.

Signed-off-by: Ani Sinha <anisinha@redhat.com>
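As an added illustration (not cloud-init's code and not part of this commit), the following Python audit compares host key file modes with the values the commit message states for hosts with and without the 'ssh_keys' group. The function names, the `ssh_host_*_key*` file naming and the sample directory are assumptions constructed for the example; group ownership is not checked.

```python
import grp
import os
import stat
import tempfile
from pathlib import Path


def ssh_keys_group_present(lookup=grp.getgrnam):
    """True when the 'ssh_keys' group exists (lookup is injectable for tests)."""
    try:
        lookup("ssh_keys")
        return True
    except KeyError:
        return False


def expected_mode(path, has_ssh_keys_group):
    """Mode stated in the commit message for a host key file."""
    if path.name.endswith(".pub"):
        return 0o644  # public keys: same in both cases
    # private keys: 0o640 when 'ssh_keys' exists, 0o600 when it does not
    return 0o640 if has_ssh_keys_group else 0o600


def audit_host_keys(key_dir, has_ssh_keys_group):
    """Return [(name, actual, expected)] for host keys whose mode is wrong."""
    findings = []
    for path in sorted(Path(key_dir).glob("ssh_host_*_key*")):
        actual = stat.S_IMODE(path.stat().st_mode)
        want = expected_mode(path, has_ssh_keys_group)
        if actual != want:
            findings.append((path.name, oct(actual), oct(want)))
    return findings


def build_sample_dir():
    """Constructed sample: one key pair with the modes used when 'ssh_keys' exists."""
    d = tempfile.mkdtemp()
    for name, mode in (("ssh_host_ed25519_key", 0o640),
                       ("ssh_host_ed25519_key.pub", 0o644)):
        p = Path(d, name)
        p.write_text("constructed placeholder, not a real key\n")
        os.chmod(p, mode)
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    print("with ssh_keys group:   ", audit_host_keys(sample, True))
    print("without ssh_keys group:", audit_host_keys(sample, False))
```

The same 0o640 private key that passes on a host with the 'ssh_keys' group is reported on a host without it, which is the case the commit message says was previously unhandled.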
Showing 2 changed files with 45 additions and 18 deletions.