the private keys may be 640 root:ssh_keys ssh_keysign is sgid

2011-04-22 11:30:31 +02:00 · 2011-04-22 11:30:31 +02:00 · 71bf983fca
commit 71bf983fca
parent a8dc50b17f
1 changed files with 6 additions and 3 deletions
--- a/sshd.init
+++ b/sshd.init
@ -51,7 +51,8 @@ do_rsa1_keygen() {
 		echo -n $"Generating SSH1 RSA host key: "
 		rm -f $RSA1_KEY
 		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA1_KEY
+			chgrp ssh_keys $RSA1_KEY
 			chmod 640 $RSA1_KEY
 			chmod 644 $RSA1_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $RSA1_KEY.pub
@ -71,7 +72,8 @@ do_rsa_keygen() {
 		echo -n $"Generating SSH2 RSA host key: "
 		rm -f $RSA_KEY
 		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA_KEY
+			chgrp ssh_keys $RSA_KEY
 			chmod 640 $RSA_KEY
 			chmod 644 $RSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $RSA_KEY.pub
@ -91,7 +93,8 @@ do_dsa_keygen() {
 		echo -n $"Generating SSH2 DSA host key: "
 		rm -f $DSA_KEY
 		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $DSA_KEY
+			chgrp ssh_keys $DSA_KEY
 			chmod 640 $DSA_KEY
 			chmod 644 $DSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $DSA_KEY.pub