40n8.me/baseimage-docker
1
0
Fork 0
mirror of /repos/baseimage-docker.git synced 2025-12-30 08:01:31 +01:00
Code Issues Releases Wiki Activity

needed for insecure key usage

Browse Source 
`chmod 600` is for the benefit of ssh client, which will otherwise spew:

```
chmod 600 image/insecure_key.pub
SSHing into 172.17.0.2
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for 'image/insecure_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: image/insecure_key
```

As you can see though, the wrong file is `chmod`'ed -- it's the private key that SSH will insist should be protected with a more restrictive mode.

After this, `CMD ["/sbin/my_init", "--enable-insecure-key"]` works as expected.
This commit is contained in:
yebyen 2014-06-09 12:32:52 -04:00
parent 0325abf74e
commit 949bd1d89f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -20,7 +20,7 @@ release: test tag_latest
@echo "*** Don't forget to create a tag. git tag rel-$(VERSION) && git push origin rel-$(VERSION)" @echo "*** Don't forget to create a tag. git tag rel-$(VERSION) && git push origin rel-$(VERSION)"
ssh: ssh:
chmod 600 image/insecure_key.pub chmod 600 image/insecure_key
@ID=$$(docker ps | grep -F "$(NAME):$(VERSION)" | awk '{ print $$1 }') && \ @ID=$$(docker ps | grep -F "$(NAME):$(VERSION)" | awk '{ print $$1 }') && \
if test "$$ID" = ""; then echo "Container is not running."; exit 1; fi && \ if test "$$ID" = ""; then echo "Container is not running."; exit 1; fi && \
IP=$$(docker inspect $$ID | grep IPAddr | sed 's/.*: "//; s/".*//') && \ IP=$$(docker inspect $$ID | grep IPAddr | sed 's/.*: "//; s/".*//') && \