ensure default umasks are applied post-keygen
This commit is contained in:
parent
a6ed57d6c5
commit
a7bc2b6d74
1 changed files with 17 additions and 12 deletions
|
|
@ -96,18 +96,6 @@ case "$TYPE" in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [[ -n "$COMMENT" ]]; then
|
|
||||||
EXTRA="$EXTRA -C '$COMMENT'"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# BUG: WARNING: $OUT permits arbitrary command injection
|
|
||||||
if [[ -n "$OUT" ]]; then
|
|
||||||
EXTRA="$EXTRA -f $OUT"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ "$NOPASSWD" == true ]]; then
|
|
||||||
EXTRA="$EXTRA -N ''"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ "$HWKEY" == true ]]; then
|
if [[ "$HWKEY" == true ]]; then
|
||||||
if [[ "$TYPE" == "rsa" ]]; then
|
if [[ "$TYPE" == "rsa" ]]; then
|
||||||
|
|
@ -117,10 +105,27 @@ if [[ "$HWKEY" == true ]]; then
|
||||||
TYPE="$TYPE-sk"
|
TYPE="$TYPE-sk"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -n "$COMMENT" ]]; then
|
||||||
|
EXTRA="$EXTRA -C '$COMMENT'"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# BUG: WARNING: $OUT permits arbitrary command injection
|
||||||
|
if [[ -n "$OUT" ]]; then
|
||||||
|
EXTRA="$EXTRA -f $OUT"
|
||||||
|
else
|
||||||
|
# fallback to ssh-keygen's default file (for chmod later)
|
||||||
|
OUT="~/.ssh/id_$TYPE"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$NOPASSWD" == true ]]; then
|
||||||
|
EXTRA="$EXTRA -N ''"
|
||||||
|
fi
|
||||||
# permit error during key generation
|
# permit error during key generation
|
||||||
set +e
|
set +e
|
||||||
echo -e "${BOLD}${GREEN}[+] ssh-keygen -t $TYPE -a '$ROUNDS' $EXTRA${RESET}"
|
echo -e "${BOLD}${GREEN}[+] ssh-keygen -t $TYPE -a '$ROUNDS' $EXTRA${RESET}"
|
||||||
ssh-keygen -t $TYPE -a "$ROUNDS" $EXTRA
|
ssh-keygen -t $TYPE -a "$ROUNDS" $EXTRA
|
||||||
|
chmod 600 $OUT
|
||||||
|
chmod 644 $OUT.pub
|
||||||
|
|
||||||
# reset state
|
# reset state
|
||||||
set -e
|
set -e
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue