[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [OSSTEST PATCH 39/62] preseed_base: chmod ssh host private keys to placate sshd
Otherwise: Could not load host key: /etc/ssh/ssh_host_ecdsa_key @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. key_load_private: bad permissions Could not load host key: /etc/ssh/ssh_host_ed25519_key This seems to start happening with stretch. Presumably stretch is more annoyingly picky than jessie. Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> --- Osstest/Debian.pm | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm index aff5acd5..d76dd03d 100644 --- a/Osstest/Debian.pm +++ b/Osstest/Debian.pm @@ -871,6 +871,14 @@ END preseed_hook_overlay($ho, $sfx, $srcdir, $tfilename); }); + # Host private keys in the overlays have to be group-readable + # at least, or no-one can use them. But ssh is very fussy. + preseed_hook_command($ho, 'late_command', $sfx, <<END); +#!/bin/sh +set -ex +chmod 600 /target/etc/ssh/ssh_host_*_key ||: +END + my $preseed = <<"END"; d-i debian-installer/locale string en_GB d-i console-keymaps-at/keymap select gb -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |