Make ssh-host key migration less conditional

If there is a case where some host keys don't have correct permissions then they won't get migrated. Let's make the migration script attempt migration for the rest of the keys too.
2023-03-05 22:51:10 -05:00 · 2023-03-05 22:51:10 -05:00 · 21fd6bef5b
commit 21fd6bef5b
parent 1076e61bfd
2 changed files with 10 additions and 11 deletions
--- a/openssh.spec
+++ b/openssh.spec
@ -736,6 +736,7 @@ test -f %{sysconfig_anaconda} && \
 %changelog
 * Mon Mar 06 2023 Dusty Mabe <dusty@dustymabe.com> - 9.0p1-12
 - Mark /var/lib/.ssh-host-keys-migration as %ghost file
 - Make ssh-host key migration less conditional
 * Wed Mar 01 2023 Dusty Mabe <dusty@dustymabe.com> - 9.0p1-11
 - Provide a systemd unit for restoring default host key permissions (rhbz#2172956)
--- a/ssh-host-keys-migration.sh
+++ b/ssh-host-keys-migration.sh
@ -25,14 +25,12 @@ set -eu -o pipefail
 # sshd: no hostkeys available -- exiting.
 #
 output="$(sshd -T 2>&1 || true)" # expected to fail
-if grep -q "sshd: no hostkeys available" <<< "$output"; then
+while read line; do
-    while read line; do
+    if [[ $line =~ ^Permissions\ [0-9]+\ for\ \'(.*)\'\ are\ too\ open. ]]; then
-        if [[ $line =~ ^Permissions\ [0-9]+\ for\ \'(.*)\'\ are\ too\ open. ]]; then
+        keyfile=${BASH_REMATCH[1]}
-            keyfile=${BASH_REMATCH[1]}
+        echo $line
-            echo $line
+        echo -e "\t-> changing permissions on $keyfile"
-            echo -e "\t-> changing permissions on $keyfile"
+        chmod --verbose g-r $keyfile
-            chmod --verbose g-r $keyfile
+        chown --verbose root:root $keyfile
-            chown --verbose root:root $keyfile
+    fi
-        fi
+done <<< "$output"
    done <<< "$output"
 fi