mirror of
https://git.FreeBSD.org/src.git
synced 2024-11-24 07:40:52 +00:00
nuageinit: Set recommended SSH permissions
As stated in sshd(8), the recommended permissions for ~/.ssh are read/write/execute for the user, and not accessible by others; and the recommended permissions for ~/.ssh/authorized_keys are read/write for the user, and not accessible by others.
This commit is contained in:
parent
7b73ecfe64
commit
07d17ca189
@ -205,9 +205,11 @@ local function addsshkey(homedir, key)
|
||||
f:write(key .. "\n")
|
||||
f:close()
|
||||
if chownak then
|
||||
os.execute("chmod 0600 " .. ak_path)
|
||||
pu.chown(ak_path, dirattrs.uid, dirattrs.gid)
|
||||
end
|
||||
if chowndotssh then
|
||||
os.execute("chmod 0700 " .. dotssh_path)
|
||||
pu.chown(dotssh_path, dirattrs.uid, dirattrs.gid)
|
||||
end
|
||||
end
|
||||
|
@ -17,6 +17,8 @@ addsshkey_body() {
|
||||
if [ ! -f .ssh/authorized_keys ]; then
|
||||
atf_fail "ssh key not added"
|
||||
fi
|
||||
atf_check -o inline:".ssh: 040700 [drwx------ ] -> 040700 [drwx------ ]\n" chmod -vv 0700 .ssh
|
||||
atf_check -o inline:".ssh/authorized_keys: 0100600 [-rw------- ] -> 0100600 [-rw------- ]\n" chmod -vv 0600 .ssh/authorized_keys
|
||||
atf_check -o inline:"mykey\n" cat .ssh/authorized_keys
|
||||
atf_check /usr/libexec/flua $(atf_get_srcdir)/addsshkey.lua
|
||||
atf_check -o inline:"mykey\nmykey\n" cat .ssh/authorized_keys
|
||||
|
Loading…
Reference in New Issue
Block a user