From cf0b4522835e20380c6f4b0152496434a2692e2a Mon Sep 17 00:00:00 2001
From: quanhongfei <2506045831@qq.com>
Date: Wed, 9 Dec 2020 21:44:36 +0800
Subject: [PATCH] fix ssh key file access permission error

---
 openssh.spec | 8 +++++++-
 sshd-keygen  | 4 ++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/openssh.spec b/openssh.spec
index b20b2b2..d3eb54c 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 7
+%global openssh_release 8
 
 Name:           openssh
 Version:        8.2p1
@@ -462,6 +462,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Wed Dec 09 2020 quanhongfei<quanhongfei@huawei.com> - 8.2P1-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix /etc/ssh/ generate key file access premission error
+
 * Wed Nov 18 2020 gaihuiying<gaihuiying1@huawei.com> - 8.2P1-7
 - Type:bugfix
 - CVE:NA
diff --git a/sshd-keygen b/sshd-keygen
index efd876c..141814c 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -31,8 +31,8 @@ fi
 
 # sanitize permissions
 /usr/bin/chgrp ssh_keys $KEY
-/usr/bin/chmod 400 $KEY
-/usr/bin/chmod 400 $KEY.pub
+/usr/bin/chmod 640 $KEY
+/usr/bin/chmod 644 $KEY.pub
 if [[ -x /usr/sbin/restorecon ]]; then
 	/usr/sbin/restorecon $KEY{,.pub}
 fi
-- 
Gitee