guestfs: ensure right permissions for ssh config

Ensure right permissions are set for the ~/.ssh/config_kdevops_* and
~/.ssh/config files.

From man 5 ssh_config:
FILES
       ~/.ssh/config
               This is the per-user configuration file.  The format
of this file is described above.  This file is used by the SSH client.
Because of the potential for abuse, this file must have  strict
permissions:  read/write  for  the
               user, and not writable by others.  It may be
group-writable provided that the group in question contains only the
user.

Fixes 'make bringup' ssh error:

TASK [update_ssh_config_guestfs : Check if the new
include directive was used with a kdevops_version comment]

PLAY RECAP
localhost                  : ok=4    changed=0    unreachable=0
failed=0    skipped=0    rescued=0    ignored=0

dagomez | FAILED! => {
    "changed": false,
    "elapsed": 600,
    "msg": "timed out waiting for ping module test: Failed
to connect to the host via ssh: Bad owner or permissions on
/home/dagomez/.ssh/config_kdevops_e1093bd8286b279a4838c0b4bb570d04907f43
b70e73a0badc6f3271e5790209"
}
make: *** [scripts/guestfs.Makefile:67: .provisioned_once_ssh] Error 2

stat -c '%a' \
~/.ssh/config_kdevops_e1093bd8286b279a4838c0b4bb570d04907f43b70e73a0badc
6f3271e5790209
664

stat -c '%a' ~/.ssh/
700

stat -c '%a' ~/.ssh/config
600

Reviewed-by: Luis Chamberlain <[email protected]>
Signed-off-by: Daniel Gomez <[email protected]>

Author: dkruces

playbooks/roles/update_ssh_config_guestfs/tasks/main.yml

@@ -69,3 +69,11 @@
     create: true
     block: |
       Include ~/.ssh/config_kdevops_*
+
+- name: Ensure ~/.ssh/config permissions
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.file:
+    path: ~/.ssh/config
+    mode: "0600"

scripts/update_ssh_config_guestfs.py

@@ -92,6 +92,7 @@ def main():
         }
         sshconf.write(ssh_template.format(**context))
     sshconf.close()
+    os.chmod(ssh_config, 0o600)
 
 if __name__ == "__main__":
     main()