Posted to commits@karaf.apache.org by jb...@apache.org on 2021/05/05 06:55:28 UTC

[karaf] branch karaf-4.2.x updated: [KARAF-7131] etc/host.key & etc/host.key.pub are readable/writable only by karaf user (owner)

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch karaf-4.2.x
in repository https://gitbox.apache.org/repos/asf/karaf.git


The following commit(s) were added to refs/heads/karaf-4.2.x by this push:
     new 9fa32e2  [KARAF-7131] etc/host.key & etc/host.key.pub are readable/writable only by karaf user (owner)
9fa32e2 is described below

commit 9fa32e2b5de74adc1cffcd9dae9dff092476f808
Author: jbonofre <jb...@apache.org>
AuthorDate: Tue May 4 18:06:22 2021 +0200

    [KARAF-7131] etc/host.key & etc/host.key.pub are readable/writable only by karaf user (owner)
    
    (cherry picked from commit 99000721fb189bd1f54dacfaa887eec89edbbaf7)
---
 .../shell/ssh/keygenerator/OpenSSHKeyPairProvider.java      | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
index 332232a..ae3636f 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
@@ -28,6 +28,7 @@ import java.io.ObjectStreamClass;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.attribute.PosixFilePermission;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
@@ -38,6 +39,8 @@ import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.commons.ssl.PKCS8Key;
 import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
@@ -146,6 +149,16 @@ public class OpenSSHKeyPairProvider extends AbstractKeyPairProvider {
             LOGGER.info("Creating ssh server private key at " + privateKeyPath);
             KeyPair kp = new OpenSSHKeyPairGenerator(algorithm, keySize).generate();
             new PemWriter(privateKeyPath, publicKeyPath).writeKeyPair(algorithm, kp);
+            LOGGER.debug("Changing key files permissions");
+            Set<PosixFilePermission> permissions = new HashSet<>();
+            permissions.add(PosixFilePermission.OWNER_READ);
+            permissions.add(PosixFilePermission.OWNER_WRITE);
+            try {
+                Files.setPosixFilePermissions(privateKeyPath, permissions);
+                Files.setPosixFilePermissions(publicKeyPath, permissions);
+            } catch (Exception e) {
+                System.out.println(e);
+            }
             return kp;
         } catch (Exception e) {
             throw new RuntimeException("Key file generation failed", e);
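Review bot: The added `catch (Exception e) { System.out.println(e); }` swallows any failure to tighten the key file permissions, so on a filesystem without POSIX attributes (where `Files.setPosixFilePermissions` throws `UnsupportedOperationException`) the private key keeps its default mode and the only trace is a line on stdout. Report it through the logger already used in this method, for example `LOGGER.warn("Could not restrict permissions on " + privateKeyPath + " and " + publicKeyPath, e);`. Separately, the permissions are applied only after `writeKeyPair` has written the files, so the private key briefly exists with whatever mode the process umask gives it. Creating the file with owner-only permissions before writing would close that gap, though that depends on PemWriter, which is not shown here. The enclosing method begins and ends outside this hunk.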