Richard W.M. Jones
2015-Sep-07 21:16 UTC
[Libguestfs] [PATCH] customize: Create .ssh as 0700 and .ssh/authorized_keys as 0600 (RHBZ#1260778).
Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates
.ssh/authorized_keys as 0600.
Thanks: Ryan Sawhill for finding the bug.
---
customize/ssh_key.ml | 4 ++--
src/guestfs.pod | 17 +++++++++++++++++
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml
index 09664bf..dd6056f 100644
--- a/customize/ssh_key.ml
+++ b/customize/ssh_key.ml
@@ -119,14 +119,14 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector
let ssh_dir = sprintf "%s/.ssh" home_dir in
if not (g#exists ssh_dir) then (
g#mkdir ssh_dir;
- g#chmod 0o755 ssh_dir
+ g#chmod 0o700 ssh_dir
);
(* Create ~user/.ssh/authorized_keys if it doesn't exist. *)
let auth_keys = sprintf "%s/authorized_keys" ssh_dir in
if not (g#exists auth_keys) then (
g#touch auth_keys;
- g#chmod 0o644 auth_keys
+ g#chmod 0o600 auth_keys
);
(* Append the key. *)
diff --git a/src/guestfs.pod b/src/guestfs.pod
index 75afa9d..366d6f5 100644
--- a/src/guestfs.pod
+++ b/src/guestfs.pod
@@ -2244,6 +2244,23 @@ allowed a malformed filesystem to take over the
appliance.
If you use sVirt to confine qemu, that would thwart some attacks.
+=head2 Permissions of F<.ssh> and F<.ssh/authorized_keys>
+
+L<https://bugzilla.redhat.com/1260778>
+
+The tools L<virt-customize(1)>, L<virt-sysprep(1)> and
+L<virt-builder(1)> have an I<--ssh-inject> option for injecting an
SSH
+key into virtual machine disk images. They may create a F<~user/.ssh>
+directory and F<~user/.ssh/authorized_keys> file in the guest to do
+this.
+
+In libguestfs E<lt> 1.31.5 and libguestfs E<lt> 1.30.1, the new
+directory and file would get mode C<0755> and mode C<0644>
+respectively. However these permissions (especially for
+F<~user/.ssh>) are wider than the permissions that OpenSSH uses. In
+current libguestfs, the directory and file are created with mode
+C<0700> and mode C<0600>.
+
=head1 CONNECTION MANAGEMENT
=head2 guestfs_h *
--
2.5.0
Pino Toscano
2015-Sep-08 08:21 UTC
Re: [Libguestfs] [PATCH] customize: Create .ssh as 0700 and .ssh/authorized_keys as 0600 (RHBZ#1260778).
On Monday 07 September 2015 22:16:47 Richard W.M. Jones wrote:> Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates > .ssh/authorized_keys as 0600. > > Thanks: Ryan Sawhill for finding the bug.Mostly LGTM, except ...> --- > customize/ssh_key.ml | 4 ++-- > src/guestfs.pod | 17 +++++++++++++++++ > 2 files changed, 19 insertions(+), 2 deletions(-) > > diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml > index 09664bf..dd6056f 100644 > --- a/customize/ssh_key.ml > +++ b/customize/ssh_key.ml > @@ -119,14 +119,14 @@ let do_ssh_inject_unix (g : Guestfs.guestfs) user selector > let ssh_dir = sprintf "%s/.ssh" home_dir in > if not (g#exists ssh_dir) then ( > g#mkdir ssh_dir; > - g#chmod 0o755 ssh_dir > + g#chmod 0o700 ssh_dir > ); > > (* Create ~user/.ssh/authorized_keys if it doesn't exist. *) > let auth_keys = sprintf "%s/authorized_keys" ssh_dir in > if not (g#exists auth_keys) then ( > g#touch auth_keys; > - g#chmod 0o644 auth_keys > + g#chmod 0o600 auth_keys > ); > > (* Append the key. *) > diff --git a/src/guestfs.pod b/src/guestfs.pod > index 75afa9d..366d6f5 100644 > --- a/src/guestfs.pod > +++ b/src/guestfs.pod > @@ -2244,6 +2244,23 @@ allowed a malformed filesystem to take over the appliance. > > If you use sVirt to confine qemu, that would thwart some attacks. > > +=head2 Permissions of F<.ssh> and F<.ssh/authorized_keys> > + > +L<https://bugzilla.redhat.com/1260778> > + > +The tools L<virt-customize(1)>, L<virt-sysprep(1)> and > +L<virt-builder(1)> have an I<--ssh-inject> option for injecting an SSH > +key into virtual machine disk images. They may create a F<~user/.ssh> > +directory and F<~user/.ssh/authorized_keys> file in the guest to do > +this. > + > +In libguestfs E<lt> 1.31.5 and libguestfs E<lt> 1.30.1, the new... the stable version here, which should be < 1.30.2.> +directory and file would get mode C<0755> and mode C<0644> > +respectively. However these permissions (especially for > +F<~user/.ssh>) are wider than the permissions that OpenSSH uses. In > +current libguestfs, the directory and file are created with mode > +C<0700> and mode C<0600>. > + > =head1 CONNECTION MANAGEMENT > > =head2 guestfs_h * >Thanks, -- Pino Toscano
Possibly Parallel Threads
- [PATCH] customize: Add --ssh-inject option for injecting SSH keys.
- [PATCH 1/2] customize: minor function factoring in ssh_key
- [PATCH 2/2] customize: fix ownership when creating ~/.ssh/authorized_keys (RHBZ#1337561)
- [PATCH] customize: Add --ssh-inject option for injecting SSH keys.
- [PATCH 0/4] Replace some uses of the Str module with PCRE.