strongdm / terraform-sdm-onboarding

Create your strongDM onboarding environment in AWS
MIT License

fixes issue with /etc/ssh/sdm_ca.pub permissions #10

Closed mrzarquon closed 2 years ago

mrzarquon commented 2 years ago

Before this fix it was possible to deploy a server but not be able to connect to it, due to ssh ignoring the CA file due to invalid permissions.

The file is being created via the tee -a, so it inherits the default permission mask, which has group/world read in most instances.

This adds a chmod 600 /etc/ssh/sdm_ca.pub to both templates to ensure the right permissions are enforced.
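The permission behaviour described in the comment above, as an added example that is not part of this pull request or the strongDM templates: it writes a CA file with `tee -a` under a given umask, applies the `chmod 600` fix, and checks the resulting mode. The function names, the temp-file paths, the placeholder key string and the `umask 077` variant are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed placeholder, not a real CA public key.
SAMPLE_CA='ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY constructed-sdm-ca'

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Pre-fix pattern: tee -a creates the file, so its mode is 0666 masked by
# the umask of the provisioning shell ($2).
write_ca_with_tee() {
    ( umask "$2"; printf '%s\n' "$SAMPLE_CA" | tee -a "$1" >/dev/null )
    file_mode "$1"
}

# The fix from the PR description: same write, followed by chmod 600.
write_ca_then_chmod() {
    ( umask "$2"; printf '%s\n' "$SAMPLE_CA" | tee -a "$1" >/dev/null )
    chmod 600 "$1"
    file_mode "$1"
}

# Variant (assumption, not in the PR): a restrictive umask for the write, so a
# newly created file never has group/other bits. An existing file keeps its
# mode, so chmod is still needed when the path may already exist.
write_ca_umask_first() {
    ( umask 077; printf '%s\n' "$SAMPLE_CA" | tee -a "$1" >/dev/null )
    file_mode "$1"
}

# Post-provisioning check: succeed only if no group/other bits are set.
ca_mode_ok() {
    case "$(file_mode "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory; never touches /etc/ssh.
demo_dir=$(mktemp -d)
echo "tee -a, umask 022:  $(write_ca_with_tee "$demo_dir/a.pub" 022)"
echo "tee -a + chmod 600: $(write_ca_then_chmod "$demo_dir/b.pub" 022)"
echo "umask 077 first:    $(write_ca_umask_first "$demo_dir/c.pub")"
ca_mode_ok "$demo_dir/a.pub" || echo "a.pub: group/other bits set"
rm -rf "$demo_dir"
```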

mrzarquon commented 2 years ago

tl;dr: this enforces the same examples as per your docs - https://www.strongdm.com/docs/admin-ui-guide/infrastructure-management/servers/ssh-certificate-auth