-
Notifications
You must be signed in to change notification settings - Fork 174
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change private key permissions to 600 #6833
base: master
Are you sure you want to change the base?
Conversation
OpenSSH will not load private keys with permissive permissions. Setting permission to 600 allows OpenSSH to start and load the created private keys.
@nealep Thank you again for the pull request. The pull requests you have opened recently have been very helpful; I think it would greatly benefit the xCAT project if you could formally join the project as a contributor. Are you interested in joining the project as a contributor by submitting a Contributor License Agreement? |
Sure, that'd be great! I'll have to get the CCLA put through legal, though, which will take some time. |
@nealep I understand that obtaining legal approvals can be time consuming, so for these existing pull requests, the xCAT core team may create equivalent pull requests to address these issues so the changes can be included in the next release. In the long term, we do appreciate your support of the project in whatever manner is most efficient for you. If you are able and willing to pursue getting approval to submit a CLA and CCLA, we would be happy to have you become a formal xCAT contributor. If that process becomes too much of a burden, we still welcome your participation, even if we are not able to directly accept pull requests. Thanks again! |
I'm going to go ahead and submit the CCLA to the legal folks. No idea what the turn around time might be so in the meantime it's probably worth the xCAT maintainers making a duplicate PR for this and xcat2/goconserver#64 then pulling in the changes that way. I'm sure you'll hear from me when the form gets signed! |
I couldn't recreate issue #6832 with centos7.8 images and rhels8.2 images.
we should change the permission to 600. only allow root to read/write. |
|
The PR is to fix issue #6832
Some versions of OpenSSH will not load private keys with permissive permissions. Setting permission to 600 allows OpenSSH to start and load the created private keys and avoid some downstream errors during postbootscript sequences.
The modification include