forked from rpms/openssh
Make ssh-host key migration less conditional
If there is a case where some host keys don't have correct permissions then they won't get migrated. Let's make the migration script attempt migration for the rest of the keys too.
This commit is contained in:
parent
1076e61bfd
commit
21fd6bef5b
@ -736,6 +736,7 @@ test -f %{sysconfig_anaconda} && \
|
||||
%changelog
|
||||
* Mon Mar 06 2023 Dusty Mabe <dusty@dustymabe.com> - 9.0p1-12
|
||||
- Mark /var/lib/.ssh-host-keys-migration as %ghost file
|
||||
- Make ssh-host key migration less conditional
|
||||
|
||||
* Wed Mar 01 2023 Dusty Mabe <dusty@dustymabe.com> - 9.0p1-11
|
||||
- Provide a systemd unit for restoring default host key permissions (rhbz#2172956)
|
||||
|
@ -25,14 +25,12 @@ set -eu -o pipefail
|
||||
# sshd: no hostkeys available -- exiting.
|
||||
#
|
||||
output="$(sshd -T 2>&1 || true)" # expected to fail
|
||||
if grep -q "sshd: no hostkeys available" <<< "$output"; then
|
||||
while read line; do
|
||||
if [[ $line =~ ^Permissions\ [0-9]+\ for\ \'(.*)\'\ are\ too\ open. ]]; then
|
||||
keyfile=${BASH_REMATCH[1]}
|
||||
echo $line
|
||||
echo -e "\t-> changing permissions on $keyfile"
|
||||
chmod --verbose g-r $keyfile
|
||||
chown --verbose root:root $keyfile
|
||||
fi
|
||||
done <<< "$output"
|
||||
fi
|
||||
while read line; do
|
||||
if [[ $line =~ ^Permissions\ [0-9]+\ for\ \'(.*)\'\ are\ too\ open. ]]; then
|
||||
keyfile=${BASH_REMATCH[1]}
|
||||
echo $line
|
||||
echo -e "\t-> changing permissions on $keyfile"
|
||||
chmod --verbose g-r $keyfile
|
||||
chown --verbose root:root $keyfile
|
||||
fi
|
||||
done <<< "$output"
|
||||
|
Loading…
Reference in New Issue
Block a user