Comments (3)
SBell6hf
commented on June 14, 2024
Other programs, like OpenSSH, would reject files with such permissions.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0444 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_rsa_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_rsa_key
sshd: no hostkeys available -- exiting.
from certstrap.
jdtw
commented on June 14, 2024
Doesn't the key get 0440, not 0444?
Line 45 in fda01db
What's your concern with reading the certificate (0444)? That should be public and okay for anybody to read.
from certstrap.
isemaya-square
commented on June 14, 2024
Closing this - we fixed file permissions checking in #141 so that the file permissions must match or be stricter than the permissions listed (440 or 444)
from certstrap.
Related Issues (20)
- Dependabot can't resolve your Go dependency files
- Certificate expiry clarity HOT 1
- Golang 1.17 broke Tests with crypto/x509
- x509.(Encrypt|Decrypt)PEMBlock have been deprecated
- Failed to create certificate HOT 2
- certstrap arm64/aarch64 release
- Certstrap allows looser permissions but not stricter, which can lead to security issues HOT 1
- created files not available from docker-instance HOT 1
- Get CA key error: permission denied HOT 7
- Get certificate request error: permission denied HOT 4
- build github.com/square/certstrap: cannot load io/fs: malformed module path "io/fs": missing dot in first path element HOT 3
- Unable to create ECDSA-based (curve) CA using example from docs HOT 2
- Build new release that matches docs HOT 2
- Crypto Go :we are a research group to help developers build secure applications. HOT 1
- Get CA certificate error: permissions too lax for cert.crt: required no more than -r--r--r--, found -r-xr-xr-x HOT 1
- Why the serial number for init commands is 01
- Allow complete customized of common name with new switch
- Question on decrypting EC private keys HOT 2
- Certs Failing on Ubuntu 22.04
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certstrap.