upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-04 22:32:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

nuageinit: Set recommended SSH permissions

Browse source 
As stated in sshd(8), the recommended permissions for ~/.ssh are
read/write/execute for the user, and not accessible by others; and the
recommended permissions for ~/.ssh/authorized_keys are read/write for
the user, and not accessible by others.
This commit is contained in:
Jose Luis Duran 2024-07-23 08:59:09 +00:00 committed by Baptiste Daroussin
parent 7b73ecfe64
commit 07d17ca189
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
libexec/nuageinit/nuage.lua
View file

@ -205,9 +205,11 @@ local function addsshkey(homedir, key)
f:write(key .. "\n")
f:close()
if chownak then
os.execute("chmod 0600 " .. ak_path)
pu.chown(ak_path, dirattrs.uid, dirattrs.gid)
end
if chowndotssh then
os.execute("chmod 0700 " .. dotssh_path)
pu.chown(dotssh_path, dirattrs.uid, dirattrs.gid)
end
end

2
libexec/nuageinit/tests/nuage.sh
View file

@ -17,6 +17,8 @@ addsshkey_body() {
if [ ! -f .ssh/authorized_keys ]; then
atf_fail "ssh key not added"
fi
atf_check -o inline:".ssh: 040700 [drwx------ ] -> 040700 [drwx------ ]\n" chmod -vv 0700 .ssh
atf_check -o inline:".ssh/authorized_keys: 0100600 [-rw------- ] -> 0100600 [-rw------- ]\n" chmod -vv 0600 .ssh/authorized_keys
atf_check -o inline:"mykey\n" cat .ssh/authorized_keys
atf_check /usr/libexec/flua $(atf_get_srcdir)/addsshkey.lua
atf_check -o inline:"mykey\nmykey\n" cat .ssh/authorized_keys