From 21fd6bef5b21a2a622ce378f3784f68792b189fc Mon Sep 17 00:00:00 2001
From: Dusty Mabe
Date: Sun, 5 Mar 2023 22:51:10 -0500
Subject: [PATCH] Make ssh-host key migration less conditional

If there is a case where some host keys don't have correct permissions then they won't get migrated. Let's make the migration script attempt migration for the rest of the keys too.
---
openssh.spec | 1 +
ssh-host-keys-migration.sh | 20 +++++++++-----------
2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/openssh.spec b/openssh.spec
index fb52c37..b88a098 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -736,6 +736,7 @@ test -f %{sysconfig_anaconda} && \
 %changelog
 * Mon Mar 06 2023 Dusty Mabe - 9.0p1-12
 - Mark /var/lib/.ssh-host-keys-migration as %ghost file
+- Make ssh-host key migration less conditional

 * Wed Mar 01 2023 Dusty Mabe - 9.0p1-11
 - Provide a systemd unit for restoring default host key permissions (rhbz#2172956)
diff --git a/ssh-host-keys-migration.sh b/ssh-host-keys-migration.sh
index f01ab86..083326e 100644
--- a/ssh-host-keys-migration.sh
+++ b/ssh-host-keys-migration.sh
@@ -25,14 +25,12 @@ set -eu -o pipefail
 # sshd: no hostkeys available -- exiting.
 #
 output="$(sshd -T 2>&1 || true)" # expected to fail
-if grep -q "sshd: no hostkeys available" <<< "$output"; then
- while read line; do
- if [[ $line =~ ^Permissions\ [0-9]+\ for\ \'(.*)\'\ are\ too\ open. ]]; then
- keyfile=${BASH_REMATCH[1]}
- echo $line
- echo -e "\t-> changing permissions on $keyfile"
- chmod --verbose g-r $keyfile
- chown --verbose root:root $keyfile
- fi
- done <<< "$output"
-fi
+while read line; do
+ if [[ $line =~ ^Permissions\ [0-9]+\ for\ \'(.*)\'\ are\ too\ open. ]]; then
+ keyfile=${BASH_REMATCH[1]}
+ echo $line
+ echo -e "\t-> changing permissions on $keyfile"
+ chmod --verbose g-r $keyfile
+ chown --verbose root:root $keyfile
+ fi
+done <<< "$output"
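Review bot: `$keyfile` is expanded unquoted in the `chmod` and `chown` calls of the new loop in ssh-host-keys-migration.sh, and the value is a path scraped out of `sshd -T` diagnostics by the `(.*)` capture. Since `chown root:root` implies the script runs privileged, a host-key path containing whitespace or glob characters would be word-split or expanded, so the mode and owner change could land on files other than the key. Quote the path and end option parsing, `chmod --verbose g-r -- "$keyfile"` and `chown --verbose root:root -- "$keyfile"`, and read the lines with `while IFS= read -r line; do` so backslashes and leading blanks in the reported path survive. Separately, with the `no hostkeys available` guard removed the loop now acts on every "too open" warning, yet the regex accepts any mode while `g-r` clears only group-read; a key reported for some other excess bit would still be rejected afterwards, so a comment stating which mode this migration expects would help. Under `set -eu -o pipefail` a failing `chmod` on one key also ends the script before the remaining keys are tried, which looks at odds with the stated goal of the commit.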