Change private key permissions to 600

[nealep]

The PR is to fix issue #6832

Some versions of OpenSSH will not load private keys with permissive permissions. Setting permission to 600 allows OpenSSH to start and load the created private keys and avoid some downstream errors during postbootscript sequences.

The modification include

• postscripts/remoteshell - changes the permissions of private keys from 640 to 600

[besawn]

@nealep Thank you again for the pull request. The pull requests you have opened recently have been very helpful; I think it would greatly benefit the xCAT project if you could formally join the project as a contributor. Are you interested in joining the project as a contributor by submitting a Contributor License Agreement?

[nealep]

Sure, that'd be great! I'll have to get the CCLA put through legal, though, which will take some time.

[besawn]

@nealep I understand that obtaining legal approvals can be time consuming, so for these existing pull requests, the xCAT core team may create equivalent pull requests to address these issues so the changes can be included in the next release. In the long term, we do appreciate your support of the project in whatever manner is most efficient for you. If you are able and willing to pursue getting approval to submit a CLA and CCLA, we would be happy to have you become a formal xCAT contributor. If that process becomes too much of a burden, we still welcome your participation, even if we are not able to directly accept pull requests. Thanks again!

[nealep]

I'm going to go ahead and submit the CCLA to the legal folks. No idea what the turn around time might be so in the meantime it's probably worth the xCAT maintainers making a duplicate PR for this and xcat2/goconserver#64 then pulling in the changes that way. I'm sure you'll hear from me when the form gets signed!

[cxhong]

I couldn't recreate issue #6832 with centos7.8 images and rhels8.2 images.
But according the man page:

/etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_ed25519_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys.  These files should only be
             owned by root, readable only by root, and not accessible to others.  Note that sshd
             does not start if these files are group/world-accessible.

we should change the permission to 600. only allow root to read/write.
I verified this PR on centos7.8/x86_64 and rhels8.2/ppc64le, didn't hit any issues. I think should be ready to merge

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}