Module Name:    src
Committed By:   snj
Date:           Tue Aug 15 05:38:29 UTC 2017

Modified Files:
        src/etc/rc.d [netbsd-6-0]: sshd

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1468):
        etc/rc.d/sshd: revision 1.22
        etc/rc.d/sshd: revision 1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.21.10.1 src/etc/rc.d/sshd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/rc.d/sshd
diff -u src/etc/rc.d/sshd:1.21 src/etc/rc.d/sshd:1.21.10.1
--- src/etc/rc.d/sshd:1.21	Mon Jul 25 03:04:23 2011
+++ src/etc/rc.d/sshd	Tue Aug 15 05:38:29 2017
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: sshd,v 1.21 2011/07/25 03:04:23 christos Exp $
+# $NetBSD: sshd,v 1.21.10.1 2017/08/15 05:38:29 snj Exp $
 #
 
 # PROVIDE: sshd
@@ -17,44 +17,31 @@ extra_commands="keygen reload"
 
 sshd_keygen()
 {
-	(
+(
+	keygen="/usr/bin/ssh-keygen"
 	umask 022
-	if [ -f /etc/ssh/ssh_host_key ]; then
-		echo "You already have an RSA host key" \
-		    "in /etc/ssh/ssh_host_key"
-		echo "Skipping protocol version 1 RSA Key Generation"
-	else
-		/usr/bin/ssh-keygen -t rsa1 ${ssh_keygen_flags} \
-		    -f /etc/ssh/ssh_host_key -N ''
-	fi
-
-	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
-		echo "You already have a DSA host key" \
-		    "in /etc/ssh/ssh_host_dsa_key"
-		echo "Skipping protocol version 2 DSA Key Generation"
-	else
-		/usr/bin/ssh-keygen -t dsa ${ssh_keygen_flags} \
-		    -f /etc/ssh/ssh_host_dsa_key -N ''
-	fi
-
-	if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
-		echo "You already have a ECDSA host key" \
-		    "in /etc/ssh/ssh_host_ecdsa_key"
-		echo "Skipping protocol version 1 ECDSA Key Generation"
-	else
-		/usr/bin/ssh-keygen -t ecdsa -b 521 \
-		    -f /etc/ssh/ssh_host_ecdsa_key -N ''
-	fi
-
-	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
-		echo "You already have a RSA host key" \
-		    "in /etc/ssh/ssh_host_rsa_key"
-		echo "Skipping protocol version 2 RSA Key Generation"
-	else
-		/usr/bin/ssh-keygen -t rsa ${ssh_keygen_flags} \
-		    -f /etc/ssh/ssh_host_rsa_key -N ''
-	fi
-	)
+	while read type bits filename version name;  do
+		f="/etc/ssh/$filename"
+		if [ -f "$f" ]; then
+			echo "You already have an $name host key in $f"
+			echo "Skipping protocol version $version $name" \
+			    "Key Generation"
+		else
+			case "${bits}" in
+			-1)	bitarg=;;
+			0)	bitarg="${ssh_keygen_flags}";;
+			*)	bitarg="-b ${bits}";;
+			esac
+			"${keygen}" -t "${type}" ${bitarg} -f "${f}" -N ''
+		fi
+	done << _EOF
+rsa1	0	ssh_host_key		1	RSA
+dsa	1024	ssh_host_dsa_key	2	DSA
+ecdsa	521	ssh_host_ecdsa_key	1	ECDSA
+ed25519	-1	ssh_host_ed25519_key	1	ED25519
+rsa	0	ssh_host_rsa_key	2	RSA
+_EOF
+)
 }
 
 sshd_precmd()
@@ -62,6 +49,7 @@ sshd_precmd()
 	if [ ! -f /etc/ssh/ssh_host_key -o \
 	    ! -f /etc/ssh/ssh_host_dsa_key -o \
 	    ! -f /etc/ssh/ssh_host_ecdsa_key -o \
+	    ! -f /etc/ssh/ssh_host_ed25519_key -o \
 	    ! -f /etc/ssh/ssh_host_rsa_key ]; then
 		run_rc_command keygen
 	fi

Reply via email to