Posted to commits@karaf.apache.org by jb...@apache.org on 2021/05/05 06:55:28 UTC
[karaf] branch karaf-4.2.x updated: [KARAF-7131] etc/host.key &
etc/host.key.pub are readable/writable only by karaf user (owner)
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch karaf-4.2.x
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/karaf-4.2.x by this push:
new 9fa32e2 [KARAF-7131] etc/host.key & etc/host.key.pub are readable/writable only by karaf user (owner)
9fa32e2 is described below
commit 9fa32e2b5de74adc1cffcd9dae9dff092476f808
Author: jbonofre <jb...@apache.org>
AuthorDate: Tue May 4 18:06:22 2021 +0200
[KARAF-7131] etc/host.key & etc/host.key.pub are readable/writable only by karaf user (owner)
(cherry picked from commit 99000721fb189bd1f54dacfaa887eec89edbbaf7)
---
.../shell/ssh/keygenerator/OpenSSHKeyPairProvider.java | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
index 332232a..ae3636f 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
@@ -28,6 +28,7 @@ import java.io.ObjectStreamClass;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
+import java.nio.file.attribute.PosixFilePermission;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
@@ -38,6 +39,8 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
+import java.util.HashSet;
+import java.util.Set;
import org.apache.commons.ssl.PKCS8Key;
import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
@@ -146,6 +149,16 @@ public class OpenSSHKeyPairProvider extends AbstractKeyPairProvider {
LOGGER.info("Creating ssh server private key at " + privateKeyPath);
KeyPair kp = new OpenSSHKeyPairGenerator(algorithm, keySize).generate();
new PemWriter(privateKeyPath, publicKeyPath).writeKeyPair(algorithm, kp);
+ LOGGER.debug("Changing key files permissions");
+ Set<PosixFilePermission> permissions = new HashSet<>();
+ permissions.add(PosixFilePermission.OWNER_READ);
+ permissions.add(PosixFilePermission.OWNER_WRITE);
+ try {
+ Files.setPosixFilePermissions(privateKeyPath, permissions);
+ Files.setPosixFilePermissions(publicKeyPath, permissions);
+ } catch (Exception e) {
+ System.out.println(e);
+ }
return kp;
} catch (Exception e) {
throw new RuntimeException("Key file generation failed", e);
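Review bot: The inner `catch (Exception e) { System.out.println(e); }` hides a failure to restrict the host key files. On a file system without POSIX attributes, `Files.setPosixFilePermissions` throws `UnsupportedOperationException`, so the private key keeps its default mode and nothing reaches the Karaf log; replace the print with `LOGGER.warn("Unable to restrict permissions on ssh host key files", e);`. The permissions are also applied only after `writeKeyPair` has written the key, so there is a short window where the file presumably has the process's default mode (`PemWriter` is not visible here). Creating the file with owner-only permissions before writing would close that window. The enclosing method starts and ends outside this hunk, so whether key files from an earlier run are ever tightened cannot be judged from here.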