diff --git a/openssh.spec b/openssh.spec
index ba9716974686c071ea0ba6b42d48b0dcfa4bcbf3..3d8c48c6f98eb425a5ffde891873a8f8df979a63 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 9
+%global openssh_release 10
 
 Name:           openssh
 Version:        8.2p1
@@ -464,6 +464,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Fri May 21 2021 renmingshuai<renmingshuai@huawei.com> - 8.2P1-10
+- Type:cves
+- ID:NA
+- SUG:NA
+- DESC:fix /etc/ssh generate key file access permission error
+
 * Tue Jan 12 2021 yuboyun<yuboyun@huawei.com> - 8.2P1-9
 - Type:cves
 - ID:CVE-2020-14145
diff --git a/sshd-keygen b/sshd-keygen
index efd876c99aa7c6a854f603889d32617b4f550a49..11b818adc376a8739fc620a1052d8b8564e91671 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -31,8 +31,8 @@ fi
 
 # sanitize permissions
 /usr/bin/chgrp ssh_keys $KEY
-/usr/bin/chmod 400 $KEY
-/usr/bin/chmod 400 $KEY.pub
+/usr/bin/chmod 600 $KEY
+/usr/bin/chmod 644 $KEY.pub
 if [[ -x /usr/sbin/restorecon ]]; then
 	/usr/sbin/restorecon $KEY{,.pub}
 fi