Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2158230 - Restore stricter SSH hostkeys permissions
Summary: Restore stricter SSH hostkeys permissions
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Version: 38
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Dmitry Belyavskiy
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: F38Changes
TreeView+ depends on / blocked
 
Reported: 2023-01-04 18:04 UTC by Ben Cotton
Modified: 2023-04-18 14:06 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-04-18 14:06:36 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Ben Cotton 2023-01-04 18:04:32 UTC
This is a tracking bug for Change: Restore stricter SSH hostkeys permissions
For more details, see: https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit

We want to
- drop a downstream-only patch to ssh permitting group-readable ssh host keys
- drop a ssh_keys group
- restore suid bit instead of sgid on a helper utility ssh-keysign

If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.

Comment 1 Ben Cotton 2023-02-07 14:27:33 UTC
Today we reached the Code Complete (Testable) milestone on the F38 schedule: https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html

At this time, all F38 Changes should be complete enough to be testable. You can indicate this by setting this tracker to the MODIFIED status. If the Change is 100% code complete, you can set the tracker to ON_QA. If you need to defer this Change to F39, please NEEDINFO me.

Changes that have not reached at least the MODIFIED status will be given to FESCo for evaluation of contingency plans.


Note You need to log in before you can comment on or make changes to this bug.