Details
- Bug
- Status: Resolved
- Minor
- Resolution: Fixed
- 1.5.0
- None
Description
In AbstractGeneratorHostKeyProvider.loadFromFile() the configured keyPath is checked using LinkOption.NOFOLLOW_LINKS. If the path is a symlink, the key will be ignored. Perversely, this class then generates and writes out a new key (if overwriteAllowed), writing through the symlink and clobbering the original; on every startup it will ignore its own previous key and do it again.
Note this is not about following or listing symlinks for, e.g., SFTP clients (SSHD-733).
Since the key path is purely server-side configuration, SSHD should not interfere with deployment details such as whether its private key is behind a symlink.
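The load/write mismatch described in this report can be reproduced with plain java.nio.file calls. The following is an added example, not SSHD's own code: the class name, helper methods and file names are constructed, and the write step assumes Files.newOutputStream with default options as a stand-in for the key writer.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

public class SymlinkKeyPathDemo {
    // Check in the style the report describes: with NOFOLLOW_LINKS the link
    // itself is examined, and a symlink is never a regular file.
    static boolean usableNoFollow(Path p) {
        return Files.isRegularFile(p, LinkOption.NOFOLLOW_LINKS);
    }

    // Check that resolves the link first, so a symlinked key file is accepted.
    static boolean usableFollow(Path p) {
        return Files.isRegularFile(p);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("hostkey-demo");
        Path realKey = dir.resolve("real-hostkey.ser"); // constructed name
        Path keyPath = dir.resolve("hostkey.ser");      // constructed name: the configured path
        Files.write(realKey, "ORIGINAL-KEY".getBytes(StandardCharsets.UTF_8));
        Files.createSymbolicLink(keyPath, realKey);     // requires symlink support on the platform

        System.out.println("NOFOLLOW check accepts keyPath:  " + usableNoFollow(keyPath));
        System.out.println("following check accepts keyPath: " + usableFollow(keyPath));

        // The loader rejected the path, so a new key is written to the same path.
        // Default open options (CREATE, TRUNCATE_EXISTING, WRITE) follow the link,
        // so the link target is truncated and overwritten.
        if (!usableNoFollow(keyPath)) {
            try (OutputStream out = Files.newOutputStream(keyPath)) {
                out.write("REGENERATED-KEY".getBytes(StandardCharsets.UTF_8));
            }
        }
        System.out.println("keyPath is still a symlink: " + Files.isSymbolicLink(keyPath));
        System.out.println("real file now contains:     "
                + new String(Files.readAllBytes(realKey), StandardCharsets.UTF_8));
    }
}
```

Because the link survives the write, the same rejection and overwrite happen again on the next run, which is the per-startup key regeneration the report describes.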