From 71bf983fca360479740312d7acbe4e33457fda7e Mon Sep 17 00:00:00 2001
From: Jan F
Date: Fri, 22 Apr 2011 11:30:31 +0200
Subject: [PATCH] the private keys may be 640 root:ssh_keys ssh_keysign is sgid
---
 sshd.init | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sshd.init b/sshd.init
index 889c776..7666070 100755
--- a/sshd.init
+++ b/sshd.init
@@ -51,7 +51,8 @@ do_rsa1_keygen() {
 echo -n $"Generating SSH1 RSA host key: "
 rm -f $RSA1_KEY
 if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $RSA1_KEY
+ chgrp ssh_keys $RSA1_KEY
+ chmod 640 $RSA1_KEY
 chmod 644 $RSA1_KEY.pub
 if [ -x /sbin/restorecon ]; then
 /sbin/restorecon $RSA1_KEY.pub
@@ -71,7 +72,8 @@ do_rsa_keygen() {
 echo -n $"Generating SSH2 RSA host key: "
 rm -f $RSA_KEY
 if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $RSA_KEY
+ chgrp ssh_keys $RSA_KEY
+ chmod 640 $RSA_KEY
 chmod 644 $RSA_KEY.pub
 if [ -x /sbin/restorecon ]; then
 /sbin/restorecon $RSA_KEY.pub
@@ -91,7 +93,8 @@ do_dsa_keygen() {
 echo -n $"Generating SSH2 DSA host key: "
 rm -f $DSA_KEY
 if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $DSA_KEY
+ chgrp ssh_keys $DSA_KEY
+ chmod 640 $DSA_KEY
 chmod 644 $DSA_KEY.pub
 if [ -x /sbin/restorecon ]; then
 /sbin/restorecon $DSA_KEY.pub
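Review bot: The added `chmod 640 $RSA1_KEY` runs even when the preceding `chgrp ssh_keys $RSA1_KEY` fails (for example when the `ssh_keys` group does not exist on the host), so the private host key ends up group-readable by whatever group the file was created with instead of staying at 600. The same pair of lines appears in the do_rsa_keygen and do_dsa_keygen hunks. Tie the wider mode to the chgrp result in all three places: `if chgrp ssh_keys $RSA1_KEY; then chmod 640 $RSA1_KEY; else chmod 600 $RSA1_KEY; fi`. The hunks only cover the path that generates a fresh key, and the enclosing functions start and end outside them, so whether existing 600 keys are ever re-owned for ssh-keysign cannot be told from here and is worth confirming.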