Re: [Libguestfs] [PATCH] customize: Create .ssh as 0700 and .ssh/authorized_keys as 0600 (RHBZ#1260778).

Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug.

--- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml +++ b/customize/ssh_key.ml @@ -119,14 +119,14 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector = let ssh_dir = sprintf "%s/.ssh" home_dir in if not (g#exists ssh_dir) then ( g#mkdir ssh_dir; - g#chmod 0o755 ssh_dir + g#chmod 0o700 ssh_dir ); (* Create ~user/.ssh/authorized_keys if it doesn't exist. *) let auth_keys = sprintf "%s/authorized_keys" ssh_dir in if not (g#exists auth_keys) then ( g#touch auth_keys; - g#chmod 0o644 auth_keys + g#chmod 0o600 auth_keys ); (* Append the key. *) diff --git a/src/guestfs.pod b/src/guestfs.pod index 75afa9d..366d6f5 100644 --- a/src/guestfs.pod +++ b/src/guestfs.pod @@ -2244,6 +2244,23 @@ allowed a malformed filesystem to take over the appliance. If you use sVirt to confine qemu, that would thwart some attacks. +=head2 Permissions of F<.ssh> and F<.ssh/authorized_keys> + +L<https://bugzilla.redhat.com/1260778> + +The tools L<virt-customize(1)>, L<virt-sysprep(1)> and +L<virt-builder(1)> have an I<--ssh-inject> option for injecting an SSH +key into virtual machine disk images. They may create a F<~user/.ssh> +directory and F<~user/.ssh/authorized_keys> file in the guest to do +this. + +In libguestfs E<lt> 1.31.5 and libguestfs E<lt> 1.30.1, the new

+directory and file would get mode C<0755> and mode C<0644> +respectively. However these permissions (especially for +F<~user/.ssh>) are wider than the permissions that OpenSSH uses. In +current libguestfs, the directory and file are created with mode +C<0700> and mode C<0600>. + =head1 CONNECTION MANAGEMENT =head2 guestfs_h *