diff options
| author | Landry Breuil <landry@cvs.openbsd.org> | 2017-02-12 08:56:18 +0000 |
|---|---|---|
| committer | Landry Breuil <landry@cvs.openbsd.org> | 2017-02-12 08:56:18 +0000 |
| commit | 1303ed5d3bc3108875703bb9422297376b6c249f (patch) | |
| tree | 635dcae0fc373318241f4e2e76c453d0fd521a7e /etc/Makefile | |
| parent | 89043ff36c6d6b7d281d035919b813f9866d1e68 (diff) | |
As it's done in /etc/skel for new regular users, create an empty
/root/.ssh/authorized_keys file with correct permissions (0600 for the
file, 0700 for /root/.ssh dir). Since we encourage administrators to use
public keys only if they want to access root account via ssh, might
aswell make it easier, this will be particularly useful in
managed/provisioned environments (think ansible & others).
Note that administrators might get an e-mail from security(8) if the
file suddenly appears after an update - this is of course expected :)
ok tb@ sthen@ rpe@ ajacoutot@
Diffstat (limited to 'etc/Makefile')
| -rw-r--r-- | etc/Makefile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/Makefile b/etc/Makefile index 9b0e2efbb08..f8cd0a5f51f 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.449 2017/02/02 21:35:05 rpe Exp $ +# $OpenBSD: Makefile,v 1.450 2017/02/12 08:56:17 landry Exp $ .include <bsd.own.mk> @@ -110,6 +110,8 @@ distribution-etc-root-var: distrib-dirs ${DESTDIR}/root/.Xdefaults; \ ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \ ${DESTDIR}/root/.cvsrc; \ + ${INSTALL} -c -o root -g wheel -m 600 /dev/null \ + ${DESTDIR}/root/.ssh/authorized_keys; \ rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \ ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \ ${DESTDIR}/.cshrc; \ |