author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-11-30 17:28:37 -0700 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-11-30 17:29:55 -0700 |
commit | 56bff6a325fc082775270aea256b4497e5d2c1ce (patch) | |
tree | 18e9a2630d802755b89e9c99cf6f57630d8e6f4a /etc/sshd | |
parent | d44798f7a8a0fe54d4e676805c80e8ff82d5e41a (diff) | |
download | pfsense-56bff6a325fc082775270aea256b4497e5d2c1ce.zip pfsense-56bff6a325fc082775270aea256b4497e5d2c1ce.tar.gz |
Make sure host private key permissions aren't too open so sshd won't complain.
Diffstat (limited to 'etc/sshd')
-rwxr-xr-x | etc/sshd | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -53,7 +53,14 @@ if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key")) {
 if(!file_exists("/etc/ssh/ssh_host_key.pub")) {
 echo "Restoring SSH from /conf/sshd/";
- exec("cp /conf/sshd/* /etc/ssh/");
+ exec("/bin/cp -p /conf/sshd/* /etc/ssh/");
+
+ /* make sure host private key permissions aren't too open so sshd won't complain */
+ $files_to_check = array('ssh_host_dsa_key','ssh_host_key','ssh_host_rsa_key');
+ foreach($files_to_check as $f2c) {
+ if(file_exists("/etc/ssh/{$f2c}"))
+ chmod("/etc/ssh/{$f2c}", 0600);
+ }
 }
 } |
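Review bot: The `chmod` loop tightens only the restored copies in `/etc/ssh`; since `cp -p` preserves the source mode, a key that needs this fix is presumably still stored with the same loose permissions under `/conf/sshd`, so the persistent copy of the host private key stays as readable as it was. The code that saves keys into `/conf/sshd` is outside this hunk, and that is where the mode should also be set to 0600, if the filesystem allows it. The return value of `chmod()` is ignored, so a failure shows up only later when sshd rejects the key; `if(!chmod("/etc/ssh/{$f2c}", 0600)) echo "Could not set permissions on /etc/ssh/{$f2c}";` would make it visible at restore time. The fixed list of three names will also miss any host key type added later, whereas `glob("/etc/ssh/ssh_host_*key")` matches the same private key files without naming them and skips the `.pub` files.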