From 6d8dcddcf1f5a3379a2b4c7285d26024e918e909 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Fri, 21 May 2021 15:29:48 +0800
Subject: [PATCH] fix /etc/ssh generate key file access permission error

(cherry picked from commit dc93c2e473169ae4fe4f8ad1839bffc13b6e3a62)
---
 openssh.spec | 8 +++++++-
 sshd-keygen  | 4 ++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/openssh.spec b/openssh.spec
index ba97169..3d8c48c 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 9
+%global openssh_release 10
 
 Name:           openssh
 Version:        8.2p1
@@ -464,6 +464,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Fri May 21 2021 renmingshuai<renmingshuai@huawei.com> - 8.2P1-10
+- Type:cves
+- ID:NA
+- SUG:NA
+- DESC:fix /etc/ssh generate key file access permission error
+
 * Tue Jan 12 2021 yuboyun<yuboyun@huawei.com> - 8.2P1-9
 - Type:cves
 - ID:CVE-2020-14145
diff --git a/sshd-keygen b/sshd-keygen
index efd876c..11b818a 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -31,8 +31,8 @@ fi
 
 # sanitize permissions
 /usr/bin/chgrp ssh_keys $KEY
-/usr/bin/chmod 400 $KEY
-/usr/bin/chmod 400 $KEY.pub
+/usr/bin/chmod 600 $KEY
+/usr/bin/chmod 644 $KEY.pub
 if [[ -x /usr/sbin/restorecon ]]; then
 	/usr/sbin/restorecon $KEY{,.pub}
 fi
-- 
Gitee