From 6d8dcddcf1f5a3379a2b4c7285d26024e918e909 Mon Sep 17 00:00:00 2001 From: renmingshuai Date: Fri, 21 May 2021 15:29:48 +0800 Subject: [PATCH] fix /etc/ssh generate key file access permission error (cherry picked from commit dc93c2e473169ae4fe4f8ad1839bffc13b6e3a62) --- openssh.spec | 8 +++++++- sshd-keygen | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/openssh.spec b/openssh.spec index ba97169..3d8c48c 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 9 +%global openssh_release 10 Name: openssh Version: 8.2p1 @@ -464,6 +464,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Fri May 21 2021 renmingshuai - 8.2P1-10 +- Type:cves +- ID:NA +- SUG:NA +- DESC:fix /etc/ssh generate key file access permission error + * Tue Jan 12 2021 yuboyun - 8.2P1-9 - Type:cves - ID:CVE-2020-14145 diff --git a/sshd-keygen b/sshd-keygen index efd876c..11b818a 100644 --- a/sshd-keygen +++ b/sshd-keygen @@ -31,8 +31,8 @@ fi # sanitize permissions /usr/bin/chgrp ssh_keys $KEY -/usr/bin/chmod 400 $KEY -/usr/bin/chmod 400 $KEY.pub +/usr/bin/chmod 600 $KEY +/usr/bin/chmod 644 $KEY.pub if [[ -x /usr/sbin/restorecon ]]; then /usr/sbin/restorecon $KEY{,.pub} fi -- Gitee