Diffstat (limited to 'cloudinit/config/cc_ssh.py')
-rw-r--r--cloudinit/config/cc_ssh.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py
index 57129776..7c9ae36b 100644
--- a/cloudinit/config/cc_ssh.py
+++ b/cloudinit/config/cc_ssh.py
@@ -279,9 +279,13 @@ def handle(name: str, cfg: Config, cloud: Cloud, args: list) -> None:
gid = util.get_group_id("ssh_keys")
if gid != -1:
# perform same "sanitize permissions" as sshd-keygen
+ permissions_private = 0o600
+ ssh_version = ssh_util.get_opensshd_upstream_version()
+ if ssh_version and ssh_version < util.Version(9, 0):
+ permissions_private = 0o640
os.chown(keyfile, -1, gid)
- os.chmod(keyfile, 0o640)
- os.chmod(keyfile + ".pub", 0o644)
+ os.chmod(keyfile, permissions_private)
+ os.chmod(f"{keyfile}.pub", 0o644)
except subp.ProcessExecutionError as e:
err = util.decode_binary(e.stderr).lower()
if e.exit_code == 1 and err.lower().startswith(
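Review bot: The version gate in the `gid != -1` branch has no comment saying why 9.0 is the cut-off or what mode applies when the sshd version cannot be determined, and the existing "same as sshd-keygen" comment no longer says which mode it refers to. From the visible lines, a falsy return from `ssh_util.get_opensshd_upstream_version()` keeps the stricter `0o600`, which is the safe direction for a private host key; I would say so explicitly, e.g. `# Owner-only by default; only OpenSSH < 9.0 gets a group-readable (0o640) key for ssh_keys. An unknown version keeps 0o600.` Separately, `os.chown(keyfile, -1, gid)` still runs when the mode is `0o600`, so the key ends up group-owned by `ssh_keys` with no group bits set. That is harmless as written, but consider moving the chown under the `< 9.0` branch or adding a comment, since any later loosening of the mode would re-expose the private key to that group. The enclosing `try` block and `handle()` start outside this hunk.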