diff --git a/salt/_runners/setup_hypervisor.py b/salt/_runners/setup_hypervisor.py
index 6db1def5c..fd1496c85 100644
--- a/salt/_runners/setup_hypervisor.py
+++ b/salt/_runners/setup_hypervisor.py
@@ -300,7 +300,7 @@ def _setup_ssh_keys():
 
         # Set proper permissions
         os.chmod(key_path, 0o600)
-        os.chmod(pub_key_path, 0o644)
+        os.chmod(pub_key_path, 0o640)
 
         log.info("SETUP_KEYS: SSH keys generated successfully")
 
diff --git a/salt/reactor/createEmptyPillar.sls b/salt/reactor/createEmptyPillar.sls
index dccf25f89..c6c655bab 100644
--- a/salt/reactor/createEmptyPillar.sls
+++ b/salt/reactor/createEmptyPillar.sls
@@ -29,7 +29,7 @@ def run():
         # Set ownership to socore:socore
         os.chown(full_path, socore_uid, socore_gid)
         # Set mode to 644 (rw-r--r--)
-        os.chmod(full_path, 0o644)
+        os.chmod(full_path, 0o640)
         logging.error("createEmptyPillar reactor: created %s with socore:socore ownership and mode 644" % f)
 
   except (KeyError, OSError) as e: