fix /etc/ssh generate key file access permission error

openssh.spec

@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 9
+%global openssh_release 10
 
 Name:           openssh
 Version:        8.2p1
@@ -464,6 +464,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Fri May 21 2021 renmingshuai<renmingshuai@huawei.com> - 8.2P1-10
+- Type:cves
+- ID:NA
+- SUG:NA
+- DESC:fix /etc/ssh generate key file access permission error
+
 * Tue Jan 12 2021 yuboyun<yuboyun@huawei.com> - 8.2P1-9
 - Type:cves
 - ID:CVE-2020-14145

sshd-keygen

@@ -31,8 +31,8 @@ fi
 
 # sanitize permissions
 /usr/bin/chgrp ssh_keys $KEY
-/usr/bin/chmod 400 $KEY
-/usr/bin/chmod 400 $KEY.pub
+/usr/bin/chmod 600 $KEY
+/usr/bin/chmod 644 $KEY.pub
 if [[ -x /usr/sbin/restorecon ]]; then
 	/usr/sbin/restorecon $KEY{,.pub}
 fi