ssh: keep original permissions, when hashing known_hosts

ssh-keygen sets the newly created known_hosts file's permissions to
0600. That is good for a user's personal files, but a bad idea for the
global ones, like /etc/ssh/ssh_known_hosts. This patch records the original
file's permissions, and sets them on the hashed one after hashing.
Tamas Pal 2016-06-10 12:54:08 +02:00
parent c71b1c0f5c
commit 4c691cf51b


@ -1175,8 +1175,10 @@ def hash_known_hosts(user=None, config=None):
if not os.path.isfile(full):
return {'status': 'error',
'error': 'Known hosts file {0} does not exist'.format(full)}
origmode = os.stat(full).st_mode
cmd = ['ssh-keygen', '-H', '-f', full]
cmd_result = __salt__['cmd.run'](cmd, python_shell=False)
os.stat(full, origmode)
# ssh-keygen creates a new file, thus a chown is required.
if os.geteuid() == 0 and user:
uinfo = __salt__['user.info'](user)
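Review bot: The added `os.stat(full, origmode)` after the ssh-keygen call does not restore the permissions: `os.stat` accepts no mode argument, so this line would raise `TypeError` instead of changing the mode, and the hashed file would stay at the 0600 that ssh-keygen gave it. The call should be `os.chmod(full, stat.S_IMODE(origmode))`, which applies only the permission bits of the saved `st_mode` (the raw value also carries the file-type bits); `stat` has to be imported if the module does not already do so. The result of `cmd.run` is also not checked before the mode is re-applied, so a failed ssh-keygen run is treated the same as a successful one at this point. hash_known_hosts starts and ends outside the hunk, so any later handling of `cmd_result` is not visible here.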