mirror of
https://github.com/xcat2/xcat-core.git
synced 2025-05-29 17:23:08 +00:00
fix issue Wrong permissions for ssh host private keys on CentOS 7 #2617
This commit is contained in:
immarvin
parent
b3bbdcb755
commit
cd96ea74c8
@ -969,6 +969,10 @@ sub genSSHNodeHostKey
|
||||
#
|
||||
# generate new hostkeys
|
||||
#
|
||||
|
||||
my ($rlogin,$rpass,$ruid,$rgid) = getpwnam("root");
|
||||
my ($sname, $spasswd,$sgid,$smembers)=getgrnam("ssh_keys");
|
||||
my @sshkeylist;
|
||||
xCAT::MsgUtils->message('I', "Generating new node hostkeys...");
|
||||
xCAT::MsgUtils->message('I', "Generating SSH2 RSA Key...");
|
||||
my $cmd =
|
||||
@ -978,6 +982,10 @@ sub genSSHNodeHostKey
|
||||
{
|
||||
xCAT::MsgUtils->message('E', "Could not generate SSH2 RSA key.");
|
||||
}
|
||||
else{
|
||||
push @sshkeylist,"/etc/xcat/hostkeys/ssh_host_rsa_key";
|
||||
}
|
||||
|
||||
|
||||
xCAT::MsgUtils->message('I', "Generating SSH2 DSA Key...");
|
||||
$cmd =
|
||||
@ -987,6 +995,9 @@ sub genSSHNodeHostKey
|
||||
{
|
||||
xCAT::MsgUtils->message('E', "Could not generate SSH2 DSA key.");
|
||||
}
|
||||
else{
|
||||
push @sshkeylist,"/etc/xcat/hostkeys/ssh_host_dsa_key";
|
||||
}
|
||||
|
||||
# see if this system supports the ecdsa
|
||||
xCAT::Utils->runcmd('rm -rf /tmp/ecdsa_key >/dev/null 2>&1 ; /usr/bin/ssh-keygen -t ecdsa -f /tmp/ecdsa_key -P "" &>/dev/null', 0);
|
||||
@ -999,8 +1010,17 @@ sub genSSHNodeHostKey
|
||||
{
|
||||
xCAT::MsgUtils->message('E', "Could not generate SSH2 ECDSA key.");
|
||||
}
|
||||
else{
|
||||
push @sshkeylist,"/etc/xcat/hostkeys/ssh_host_ecdsa_key";
|
||||
}
|
||||
}
|
||||
|
||||
if(@sshkeylist){
|
||||
if(defined $ruid && defined $sgid){
|
||||
chown $ruid,$sgid,@sshkeylist;
|
||||
}
|
||||
chmod 0640,@sshkeylist;
|
||||
}
|
||||
|
||||
# copy the public keys to install directory
|
||||
$cmd =
|
||||
|
||||
@ -149,7 +149,8 @@ if [ $? -ne 0 ]; then
|
||||
getcredentials.awk ssh_dsa_hostkey | grep -v '<'|sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /etc/ssh/ssh_host_dsa_key
|
||||
MYCONT=`cat /etc/ssh/ssh_host_dsa_key`
|
||||
done
|
||||
chmod 600 /etc/ssh/ssh_host_dsa_key
|
||||
chown root:ssh_keys /etc/ssh/ssh_host_dsa_key
|
||||
chmod 640 /etc/ssh/ssh_host_dsa_key
|
||||
if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_dsa_key > /dev/null 2>&1 ; then
|
||||
rm /etc/ssh/ssh_host_dsa_key
|
||||
else
|
||||
@ -215,13 +216,14 @@ if [ $? -ne 0 ]; then
|
||||
getcredentials.awk ssh_rsa_hostkey | grep -v '<'|sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /etc/ssh/ssh_host_rsa_key
|
||||
MYCONT=`cat /etc/ssh/ssh_host_rsa_key`
|
||||
done
|
||||
chmod 600 /etc/ssh/ssh_host_rsa_key
|
||||
chown root:ssh_keys /etc/ssh/ssh_host_rsa_key
|
||||
chmod 640 /etc/ssh/ssh_host_rsa_key
|
||||
if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_rsa_key > /dev/null 2>&1 ; then
|
||||
rm /etc/ssh/ssh_host_rsa_key
|
||||
else
|
||||
ssh-keygen -y -f /etc/ssh/ssh_host_rsa_key > /etc/ssh/ssh_host_rsa_key.pub
|
||||
chmod 644 /etc/ssh/ssh_host_rsa_key.pub
|
||||
chown root /etc/ssh/ssh_host_rsa_key.pub
|
||||
chmod 644 /etc/ssh/ssh_host_rsa_key.pub
|
||||
chown root /etc/ssh/ssh_host_rsa_key.pub
|
||||
fi
|
||||
else
|
||||
#This is an error message
|
||||
@ -286,7 +288,8 @@ if ssh-keygen -t ecdsa -f /tmp/ecdsa_key -P "" &>/dev/null ; then
|
||||
getcredentials.awk ssh_ecdsa_hostkey | grep -v '<'|sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /etc/ssh/ssh_host_ecdsa_key
|
||||
MYCONT=`cat /etc/ssh/ssh_host_ecdsa_key`
|
||||
done
|
||||
chmod 600 /etc/ssh/ssh_host_ecdsa_key
|
||||
chown root:ssh_keys /etc/ssh/ssh_host_ecdsa_key
|
||||
chmod 640 /etc/ssh/ssh_host_ecdsa_key
|
||||
if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_ecdsa_key > /dev/null 2>&1 ; then
|
||||
rm /etc/ssh/ssh_host_ecdsa_key
|
||||
else
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user