OpenSSH: restrict file permissions for sshd_config to 0600

Message ID 67fe68bc-5337-daa6-c150-1d0e334d309a@ipfire.org
State Accepted
Commit a9fb87809eccdc7ea7736659ceec929a028761d4
Series OpenSSH: restrict file permissions for sshd_config to 0600

Commit Message

Peter Müller May 30, 2021, 10:33 a.m. UTC
This file does not have to be readable by anybody else than the user
running an OpenSSH server. While it does not really contain confidential
information, exposing it to the rest of the world makes no sense either.

This will silence a Lynis warning. :-)

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/openssh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
  

Comments

Michael Tremer May 31, 2021, 12:36 p.m. UTC | #1
LOL, it is publicly available in our Git repository.

I wasn’t aware that Lynis is doing a lot of security by obscurity.

-Michael

> On 30 May 2021, at 11:33, Peter Müller <peter.mueller@ipfire.org> wrote:
> 
> This file does not have to be readable by anybody else than the user
> running an OpenSSH server. While it does not really contain confidential
> information, exposing it to the rest of the world makes no sense either.
> 
> This will silence a Lynis warning. :-)
> 
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> lfs/openssh | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lfs/openssh b/lfs/openssh
> index 3117e996c..ced1a7db9 100644
> --- a/lfs/openssh
> +++ b/lfs/openssh
> @@ -84,7 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> 	cd $(DIR_APP) && make install
> 
> 	# install custom OpenSSH server configuration
> -	install -v -m 644 $(DIR_SRC)/config/ssh/sshd_config \
> +	install -v -m 600 $(DIR_SRC)/config/ssh/sshd_config \
> 		/etc/ssh/sshd_config
> 
> 	# install custom OpenSSH client configuration
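Review bot: The comment above the changed `install` line still reads only "install custom OpenSSH server configuration" and gives no reason for mode 600 where 644 was used before. Suggest extending it, for example "# install custom OpenSSH server configuration (owner-only, not world-readable)", so that a later cleanup of this rule does not quietly restore the old mode.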
> -- 
> 2.26.2
  

Patch

diff --git a/lfs/openssh b/lfs/openssh
index 3117e996c..ced1a7db9 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -84,7 +84,7 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && make install
 
 	# install custom OpenSSH server configuration
-	install -v -m 644 $(DIR_SRC)/config/ssh/sshd_config \
+	install -v -m 600 $(DIR_SRC)/config/ssh/sshd_config \
 		/etc/ssh/sshd_config
 
 	# install custom OpenSSH client configuration
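Review bot: The changed `install -v -m 600` line sets the mode but passes no `-o` or `-g`, so the owner of /etc/ssh/sshd_config is whichever user executes this rule. At 644 that made little difference to readability; at 600 the owner is the only non-privileged identity that can read the file, so it is worth stating it explicitly with `-o root -g root` rather than relying on the build context.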