assistant: Ensure that .ssh/config and .ssh/authorized_keys are not group or world writable when writing to those files, as that can make ssh refuse to use them, if it allows another user to write to them.
parent
18331b7235
commit
fdcc04096c
4 changed files with 30 additions and 3 deletions
|
@ -10,6 +10,7 @@ module Utility.SshConfig where
|
|||
import Common
|
||||
import Utility.UserInfo
|
||||
import Utility.Tmp
|
||||
import Utility.FileMode
|
||||
|
||||
import Data.Char
|
||||
import Data.Ord
|
||||
|
@ -117,7 +118,19 @@ changeUserSshConfig modifier = do
|
|||
c <- readFileStrict configfile
|
||||
let c' = modifier c
|
||||
when (c /= c') $
|
||||
viaTmp writeFile configfile c'
|
||||
viaTmp writeSshConfig configfile c'
|
||||
|
||||
writeSshConfig :: FilePath -> String -> IO ()
|
||||
writeSshConfig f s = do
|
||||
writeFile f s
|
||||
setSshConfigMode f
|
||||
|
||||
{- Ensure that the ssh config file lacks any group or other write bits,
|
||||
- since ssh is paranoid about not working if other users can write
|
||||
- to one of its config files (.ssh/config and .ssh/authorized_keys) -}
|
||||
setSshConfigMode :: FilePath -> IO ()
|
||||
setSshConfigMode f = modifyFileMode f $
|
||||
removeModes [groupWriteMode, otherWriteMode]
|
||||
|
||||
sshDir :: IO FilePath
|
||||
sshDir = do
|
||||
|
|
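Review bot: In `writeSshConfig` the mode is tightened only after `writeFile f s` has finished, so until `setSshConfigMode f` runs the file carries whatever mode it was created with, and a handle already opened for writing in that interval is not revoked by the later chmod. Whether that interval is actually exposed depends on how `viaTmp` creates the temporary file, which is not visible in this hunk; if it is created owner-only the order is harmless, and a comment such as `{- viaTmp is expected to create the temp file without group/other write bits; the chmod here is a safety net -}` would record that assumption. If that cannot be relied on, the mode should be restricted before the content is written rather than after. `setSshConfigMode` also covers only the file itself, so a group- or world-writable `.ssh` directory would presumably still fail ssh's permission checks; `sshDir`'s body continues outside the hunk, so it is not possible to tell from here whether the directory mode is handled.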