author | Nick Hanley <nicholasjhanley@gmail.com> | 2022-07-07 22:49:09 -0400 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2022-07-12 11:55:26 +0000 |
commit | dfd40992e1735ed9b60d4e009185d5b1dc07a7b4 (patch) | |
tree | d0a70dea9118bf9fec92f114d65afc8eb3470c54 /setup-sshd.in | |
parent | a7b906d81470edeec05cf95000fb86235a304b3e (diff) | |
setup-sshd, setup-user: follow openssh permission recommendations
From the OpenSSH man page:
> ~/.ssh/
> ...
> There is no general requirement to keep the entire contents of this
> directory secret, but the recommended permissions are
> read/write/execute for the user, and not accessible by others.
>
> ~/.ssh/authorized_keys
> ...
> This file is not highly sensitive, but the recommended permissions are
> read/write for the user, and not accessible by others.
OpenSSH follows these recommendations when creating these files itself
so we should do the same.
Diffstat (limited to 'setup-sshd.in')
-rw-r--r-- | setup-sshd.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/setup-sshd.in b/setup-sshd.in index 4dca52f..7e3d6d1 100644 --- a/setup-sshd.in +++ b/setup-sshd.in @@ -164,6 +164,7 @@ if [ -n "$authorized_key" -a "$authorized_key" != "none" ]; then authorized_key="$(wget -qO- "$key_url")" || die "Failed to fetch key from '$key_url'" ;; esac + umask 077 mkdir -p "$ROOT"/root/.ssh echo "$authorized_key" >> "$ROOT"/root/.ssh/authorized_keys fi |
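Review bot: The `umask 077` added before `mkdir -p "$ROOT"/root/.ssh` only governs files and directories that are newly created, and it stays in effect for everything the script does after this block. If `"$ROOT"/root/.ssh` or `authorized_keys` already exists with looser permissions, `mkdir -p` and the `>>` append leave the existing mode unchanged, so the permissions the commit message quotes from the OpenSSH man page are not guaranteed. Consider adding an explicit `chmod 700 "$ROOT"/root/.ssh` and `chmod 600 "$ROOT"/root/.ssh/authorized_keys` after the append, and either running these lines in a subshell or restoring the previous umask so later steps keep their original creation mask.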