Sometimes default permissions on filesystems can be more permissive,
e.g. 0644. This can make the private key file created here inherit
those permissions, and these permissions can then cause the ssh server to
not allow ssh connections due to non-secure permissions on the file.

Reported-by: Jean-Michel Papy <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
Cc: Jörg Sommer <[email protected]>
---
v2: Remove o and g permissions only

 meta/recipes-connectivity/openssh/openssh/sshd_check_keys | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys 
b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index 606d1894b55..bbb6a149088 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -8,7 +8,7 @@ generate_key() {
     mkdir -p "$DIR"
     rm -f ${FILE}.tmp
     ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
-
+    chmod go-rwx "$FILE.tmp"
     # Atomically rename file public key
     mv -f "${FILE}.tmp.pub" "${FILE}.pub"
 
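Review bot: the added `chmod go-rwx "$FILE.tmp"` runs only after `ssh-keygen` has finished writing the private key, so on the filesystems the commit message describes the key sits with group/other access until the chmod lands. Consider tightening the creation mode instead, for example by running the `ssh-keygen` call in a subshell with `umask 077`, and keep the chmod as a fallback where the filesystem ignores umask. Two smaller points on the same line: its exit status is not checked, so a failed chmod still lets the script go on to install a key that sshd will refuse, and it writes `"$FILE.tmp"` where the surrounding lines use `"${FILE}.tmp"`. The hunk also drops the blank line that separated the key generation from the "Atomically rename" comment; a short comment above the chmod saying why it is needed would restore the separation.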