From 1303ed5d3bc3108875703bb9422297376b6c249f Mon Sep 17 00:00:00 2001 From: Landry Breuil Date: Sun, 12 Feb 2017 08:56:18 +0000 Subject: As it's done in /etc/skel for new regular users, create an empty /root/.ssh/authorized_keys file with correct permissions (0600 for the file, 0700 for /root/.ssh dir). Since we encourage administrators to use public keys only if they want to access root account via ssh, might aswell make it easier, this will be particularly useful in managed/provisioned environments (think ansible & others). Note that administrators might get an e-mail from security(8) if the file suddenly appears after an update - this is of course expected :) ok tb@ sthen@ rpe@ ajacoutot@ --- etc/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'etc/Makefile') diff --git a/etc/Makefile b/etc/Makefile index 9b0e2efbb08..f8cd0a5f51f 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.449 2017/02/02 21:35:05 rpe Exp $ +# $OpenBSD: Makefile,v 1.450 2017/02/12 08:56:17 landry Exp $ .include @@ -110,6 +110,8 @@ distribution-etc-root-var: distrib-dirs ${DESTDIR}/root/.Xdefaults; \ ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \ ${DESTDIR}/root/.cvsrc; \ + ${INSTALL} -c -o root -g wheel -m 600 /dev/null \ + ${DESTDIR}/root/.ssh/authorized_keys; \ rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \ ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \ ${DESTDIR}/.cshrc; \ -- cgit v1.2.3