Richard W.M. Jones
2015-Sep-07 21:16 UTC
[Libguestfs] [PATCH] customize: Create .ssh as 0700 and .ssh/authorized_keys as 0600 (RHBZ#1260778).
Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug. --- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml +++ b/customize/ssh_key.ml @@ -119,14 +119,14 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector let ssh_dir = sprintf "%s/.ssh" home_dir in if not (g#exists ssh_dir) then ( g#mkdir ssh_dir; - g#chmod 0o755 ssh_dir + g#chmod 0o700 ssh_dir ); (* Create ~user/.ssh/authorized_keys if it doesn't exist. *) let auth_keys = sprintf "%s/authorized_keys" ssh_dir in if not (g#exists auth_keys) then ( g#touch auth_keys; - g#chmod 0o644 auth_keys + g#chmod 0o600 auth_keys ); (* Append the key. *) diff --git a/src/guestfs.pod b/src/guestfs.pod index 75afa9d..366d6f5 100644 --- a/src/guestfs.pod +++ b/src/guestfs.pod @@ -2244,6 +2244,23 @@ allowed a malformed filesystem to take over the appliance. If you use sVirt to confine qemu, that would thwart some attacks. +=head2 Permissions of F<.ssh> and F<.ssh/authorized_keys> + +L<https://bugzilla.redhat.com/1260778> + +The tools L<virt-customize(1)>, L<virt-sysprep(1)> and +L<virt-builder(1)> have an I<--ssh-inject> option for injecting an SSH +key into virtual machine disk images. They may create a F<~user/.ssh> +directory and F<~user/.ssh/authorized_keys> file in the guest to do +this. + +In libguestfs E<lt> 1.31.5 and libguestfs E<lt> 1.30.1, the new +directory and file would get mode C<0755> and mode C<0644> +respectively. However these permissions (especially for +F<~user/.ssh>) are wider than the permissions that OpenSSH uses. In +current libguestfs, the directory and file are created with mode +C<0700> and mode C<0600>. + =head1 CONNECTION MANAGEMENT =head2 guestfs_h * -- 2.5.0
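Review bot: in the ssh_key.ml hunk both chmod calls sit inside the `if not (g#exists ...)` guards, so a `~user/.ssh` or `authorized_keys` that already exists with the old 0755/0644 modes (for example from an earlier run of --ssh-inject) keeps those modes; consider running `g#chmod 0o700 ssh_dir` and `g#chmod 0o600 auth_keys` unconditionally, or at least documenting that only newly created paths get the tight modes. Also, nothing in the hunk sets ownership after `g#mkdir ssh_dir` and `g#touch auth_keys`, and with 0700/0600 the owner is the only principal that can enter the directory or read the file, so if they end up owned by root rather than `user` that user can no longer read or manage their own authorized_keys; worth confirming that ownership is set elsewhere in do_ssh_inject_unix.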
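Review bot: the version bounds in the new =head2 need checking; a later reply in this thread puts the stable bound at < 1.30.2 rather than < 1.30.1, so confirm which 1.30.x release actually carries the change before this text ships. The section also only describes the modes of a newly created directory and file; since the code only chmods paths it creates, one sentence saying that an existing ~user/.ssh or authorized_keys keeps whatever mode it already has would stop readers from assuming the tool repairs images injected with older versions.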
Pino Toscano
2015-Sep-08 08:21 UTC
Re: [Libguestfs] [PATCH] customize: Create .ssh as 0700 and .ssh/authorized_keys as 0600 (RHBZ#1260778).
On Monday 07 September 2015 22:16:47 Richard W.M. Jones wrote:> Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates > .ssh/authorized_keys as 0600. > > Thanks: Ryan Sawhill for finding the bug.Mostly LGTM, except ...> --- > customize/ssh_key.ml | 4 ++-- > src/guestfs.pod | 17 +++++++++++++++++ > 2 files changed, 19 insertions(+), 2 deletions(-) > > diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml > index 09664bf..dd6056f 100644 > --- a/customize/ssh_key.ml > +++ b/customize/ssh_key.ml > @@ -119,14 +119,14 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector > let ssh_dir = sprintf "%s/.ssh" home_dir in > if not (g#exists ssh_dir) then ( > g#mkdir ssh_dir; > - g#chmod 0o755 ssh_dir > + g#chmod 0o700 ssh_dir > ); > > (* Create ~user/.ssh/authorized_keys if it doesn't exist. *) > let auth_keys = sprintf "%s/authorized_keys" ssh_dir in > if not (g#exists auth_keys) then ( > g#touch auth_keys; > - g#chmod 0o644 auth_keys > + g#chmod 0o600 auth_keys > ); > > (* Append the key. *) > diff --git a/src/guestfs.pod b/src/guestfs.pod > index 75afa9d..366d6f5 100644 > --- a/src/guestfs.pod > +++ b/src/guestfs.pod 
> @@ -2244,6 +2244,23 @@ allowed a malformed filesystem to take over the appliance. > > If you use sVirt to confine qemu, that would thwart some attacks. > > +=head2 Permissions of F<.ssh> and F<.ssh/authorized_keys> > + > +L<https://bugzilla.redhat.com/1260778> > + > +The tools L<virt-customize(1)>, L<virt-sysprep(1)> and > +L<virt-builder(1)> have an I<--ssh-inject> option for injecting an SSH > +key into virtual machine disk images. They may create a F<~user/.ssh> > +directory and F<~user/.ssh/authorized_keys> file in the guest to do > +this. > + > +In libguestfs E<lt> 1.31.5 and libguestfs E<lt> 1.30.1, the new... the stable version here, which should be < 1.30.2.> +directory and file would get mode C<0755> and mode C<0644> > +respectively. However these permissions (especially for > +F<~user/.ssh>) are wider than the permissions that OpenSSH uses. In > +current libguestfs, the directory and file are created with mode > +C<0700> and mode C<0600>. > + > =head1 CONNECTION MANAGEMENT > > =head2 guestfs_h * >Thanks, -- Pino Toscano
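The permission logic discussed in this thread, as an added Python example that is not part of libguestfs: it mirrors the patch's mkdir/chmod 0700, touch/chmod 0600, append sequence, but on a local directory standing in for the guest filesystem instead of going through the libguestfs API (an assumption made so it runs offline). The function and key names are invented for the example, the public key is a constructed placeholder, and the `tighten_existing` switch and `audit_ssh_perms` check go beyond the patch: with the switch off the code reproduces the patch's behaviour of leaving a pre-existing 0755/0644 pair untouched, with it on the wide modes are corrected.

```python
import os
import stat
import tempfile

# Modes OpenSSH's own tools (ssh, ssh-copy-id) use, as the patch notes.
SSH_DIR_MODE = 0o700
AUTH_KEYS_MODE = 0o600

# Constructed placeholder, not a real key.
SAMPLE_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnlyForThisDemo0000 example@constructed"


def mode_of(path):
    """Permission bits of path (no file-type bits)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def inject_ssh_key(home_dir, pubkey, tighten_existing=True):
    """Append pubkey to home_dir/.ssh/authorized_keys.

    Same sequence as the libguestfs patch: create .ssh (0700) and
    authorized_keys (0600) only when missing, then append the key.
    tighten_existing=True additionally chmods paths that already exist,
    which the patch does not do. Returns the resulting modes.
    """
    ssh_dir = os.path.join(home_dir, ".ssh")
    auth_keys = os.path.join(ssh_dir, "authorized_keys")

    if not os.path.isdir(ssh_dir):
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, SSH_DIR_MODE)
    elif tighten_existing:
        os.chmod(ssh_dir, SSH_DIR_MODE)

    if not os.path.exists(auth_keys):
        open(auth_keys, "a").close()
        os.chmod(auth_keys, AUTH_KEYS_MODE)
    elif tighten_existing:
        os.chmod(auth_keys, AUTH_KEYS_MODE)

    with open(auth_keys, "a") as f:
        f.write(pubkey.rstrip("\n") + "\n")

    return {"ssh_dir": mode_of(ssh_dir), "authorized_keys": mode_of(auth_keys)}


def audit_ssh_perms(home_dir):
    """List every mode bit set beyond what OpenSSH itself would use."""
    findings = []
    ssh_dir = os.path.join(home_dir, ".ssh")
    auth_keys = os.path.join(ssh_dir, "authorized_keys")
    if os.path.isdir(ssh_dir) and mode_of(ssh_dir) & ~SSH_DIR_MODE:
        findings.append(".ssh mode %04o wider than %04o" % (mode_of(ssh_dir), SSH_DIR_MODE))
    if os.path.exists(auth_keys) and mode_of(auth_keys) & ~AUTH_KEYS_MODE:
        findings.append("authorized_keys mode %04o wider than %04o"
                        % (mode_of(auth_keys), AUTH_KEYS_MODE))
    return findings


def run_demo():
    """Exercise both paths in a throwaway directory and return what was observed."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        # Fresh home: the patch's path, everything created with tight modes.
        fresh = os.path.join(root, "fresh")
        os.mkdir(fresh)
        results["fresh"] = inject_ssh_key(fresh, SAMPLE_KEY, tighten_existing=False)

        # Home that an older libguestfs already touched: 0755 / 0644.
        wide = os.path.join(root, "wide")
        os.mkdir(wide)
        os.mkdir(os.path.join(wide, ".ssh"))
        os.chmod(os.path.join(wide, ".ssh"), 0o755)
        auth_keys = os.path.join(wide, ".ssh", "authorized_keys")
        open(auth_keys, "w").close()
        os.chmod(auth_keys, 0o644)

        results["wide_before"] = audit_ssh_perms(wide)
        # Patch behaviour: existing paths keep their wide modes.
        results["wide_patch_behaviour"] = inject_ssh_key(wide, SAMPLE_KEY, tighten_existing=False)
        # Hardened variant: modes corrected on the way through.
        results["wide_tightened"] = inject_ssh_key(wide, SAMPLE_KEY, tighten_existing=True)
        results["wide_after"] = audit_ssh_perms(wide)
        with open(auth_keys) as f:
            results["key_count"] = len(f.read().splitlines())
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The audit is the check to run over an image injected by an older release: because the patched tool only chmods what it creates, a home directory set up before the fix stays at 0755/0644 until something tightens it explicitly.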