Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates
.ssh/authorized_keys as 0600.
Thanks: Ryan Sawhill for finding the bug.
---
customize/ssh_key.ml | 4 ++--
src/guestfs.pod | 17 +++++++++++++++++
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml
index 09664bf..dd6056f 100644
--- a/customize/ssh_key.ml
+++ b/customize/ssh_key.ml
@@ -119,14 +119,14 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector =
let ssh_dir = sprintf "%s/.ssh" home_dir in
if not (g#exists ssh_dir) then (
g#mkdir ssh_dir;
- g#chmod 0o755 ssh_dir
+ g#chmod 0o700 ssh_dir
);
(* Create ~user/.ssh/authorized_keys if it doesn't exist. *)
let auth_keys = sprintf "%s/authorized_keys" ssh_dir in
if not (g#exists auth_keys) then (
g#touch auth_keys;
- g#chmod 0o644 auth_keys
+ g#chmod 0o600 auth_keys
);
(* Append the key. *)
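Review bot: The new 0700/0600 modes on `ssh_dir` and `auth_keys` come with no visible change of ownership, so when `user` is not root the freshly created directory and file would presumably be root-owned and no longer readable by that user, whereas the old 0755/0644 modes still allowed it. The body of do_ssh_inject_unix continues outside this hunk; if ownership is not set there, add a chown beside each chmod, e.g. `g#chown uid gid ssh_dir` and `g#chown uid gid auth_keys`, with `uid`/`gid` (placeholder names) taken from the owner of `home_dir`. Both chmod calls also sit inside the `if not (g#exists ...)` branches, so a pre-existing `.ssh` or `authorized_keys` with wider modes is left untouched. A comment such as `(* Existing paths keep their current mode; only newly created ones are restricted. *)` would make that intent explicit.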
diff --git a/src/guestfs.pod b/src/guestfs.pod
index 75afa9d..366d6f5 100644
--- a/src/guestfs.pod
+++ b/src/guestfs.pod
@@ -2244,6 +2244,23 @@ allowed a malformed filesystem to take over the appliance.
If you use sVirt to confine qemu, that would thwart some attacks.
+=head2 Permissions of F<.ssh> and F<.ssh/authorized_keys>
+
+L<https://bugzilla.redhat.com/1260778>
+
+The tools L<virt-customize(1)>, L<virt-sysprep(1)> and
+L<virt-builder(1)> have an I<--ssh-inject> option for injecting an SSH
+key into virtual machine disk images. They may create a F<~user/.ssh>
+directory and F<~user/.ssh/authorized_keys> file in the guest to do
+this.
+
+In libguestfs E<lt> 1.31.5 and libguestfs E<lt> 1.30.1, the new
+directory and file would get mode C<0755> and mode C<0644>
+respectively. However these permissions (especially for
+F<~user/.ssh>) are wider than the permissions that OpenSSH uses. In
+current libguestfs, the directory and file are created with mode
+C<0700> and mode C<0600>.
+
=head1 CONNECTION MANAGEMENT
=head2 guestfs_h *
--
2.5.0