This file does not have to be readable by anybody else than the user running an OpenSSH server. While it does not really contain confidential information, exposing it to the rest of the world makes no sense either.
This will silence a Lynis warning. :-)
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- lfs/openssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lfs/openssh b/lfs/openssh index 3117e996c..ced1a7db9 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -84,7 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install
# install custom OpenSSH server configuration - install -v -m 644 $(DIR_SRC)/config/ssh/sshd_config \ + install -v -m 600 $(DIR_SRC)/config/ssh/sshd_config \ /etc/ssh/sshd_config
# install custom OpenSSH client configuration
LOL, it is publicly available in our Git repository.
I wasn’t aware that lynis is doing a lot of security by obscurity.
-Michael
On 30 May 2021, at 11:33, Peter Müller peter.mueller@ipfire.org wrote:
This file does not have to be readable by anybody else than the user running an OpenSSH server. While it does not really contain confidential information, exposing it to the rest of the world makes no sense either.
This will silence a Lynis warning. :-)
Signed-off-by: Peter Müller peter.mueller@ipfire.org
lfs/openssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lfs/openssh b/lfs/openssh index 3117e996c..ced1a7db9 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -84,7 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install
# install custom OpenSSH server configuration
- install -v -m 644 $(DIR_SRC)/config/ssh/sshd_config \
install -v -m 600 $(DIR_SRC)/config/ssh/sshd_config \ /etc/ssh/sshd_config
# install custom OpenSSH client configuration
-- 2.26.2
-
Michael Tremer -
Peter Müller