Browse Source

As it's done in /etc/skel for new regular users, create an empty

/root/.ssh/authorized_keys file with correct permissions (0600 for the
file, 0700 for /root/.ssh dir). Since we encourage administrators to use
public keys only if they want to access root account via ssh, might
aswell make it easier, this will be particularly useful in
managed/provisioned environments (think ansible & others).
Note that administrators might get an e-mail from security(8) if the
file suddenly appears after an update - this is of course expected :)
ok tb@ sthen@ rpe@ ajacoutot@
OPENBSD_6_1
landry 7 years ago
parent
commit
61f9f573cf
2 changed files with 6 additions and 2 deletions
  1. +3
    -1
      src/etc/Makefile
  2. +3
    -1
      src/etc/mtree/4.4BSD.dist

+ 3
- 1
src/etc/Makefile View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.449 2017/02/02 21:35:05 rpe Exp $
# $OpenBSD: Makefile,v 1.450 2017/02/12 08:56:17 landry Exp $
.include <bsd.own.mk> .include <bsd.own.mk>
@ -110,6 +110,8 @@ distribution-etc-root-var: distrib-dirs
${DESTDIR}/root/.Xdefaults; \ ${DESTDIR}/root/.Xdefaults; \
${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \ ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
${DESTDIR}/root/.cvsrc; \ ${DESTDIR}/root/.cvsrc; \
${INSTALL} -c -o root -g wheel -m 600 /dev/null \
${DESTDIR}/root/.ssh/authorized_keys; \
rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \ rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \ ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
${DESTDIR}/.cshrc; \ ${DESTDIR}/.cshrc; \


+ 3
- 1
src/etc/mtree/4.4BSD.dist View File

@ -1,4 +1,4 @@
# $OpenBSD: 4.4BSD.dist,v 1.293 2016/12/27 09:17:52 jca Exp $
# $OpenBSD: 4.4BSD.dist,v 1.294 2017/02/12 08:56:17 landry Exp $
/set type=dir uname=root gname=wheel mode=0755 /set type=dir uname=root gname=wheel mode=0755
@ -118,6 +118,8 @@ home
mnt mnt
.. ..
root mode=0700 root mode=0700
.ssh uname=root mode=0700
..
.. ..
sbin sbin
.. ..


Loading…
Cancel
Save