Module Name: src Committed By: snj Date: Tue Aug 15 05:38:29 UTC 2017
Modified Files: src/etc/rc.d [netbsd-6-0]: sshd Log Message: Pull up following revision(s) (requested by mrg in ticket #1468): etc/rc.d/sshd: revision 1.22 etc/rc.d/sshd: revision 1.23 PR/47540: Felix Deichmann: DSA keys can only be 1024 bits. -- Add new keytype, replace duplicated code with loop To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.21.10.1 src/etc/rc.d/sshd Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/etc/rc.d/sshd
diff -u src/etc/rc.d/sshd:1.21 src/etc/rc.d/sshd:1.21.10.1
--- src/etc/rc.d/sshd:1.21 Mon Jul 25 03:04:23 2011
+++ src/etc/rc.d/sshd Tue Aug 15 05:38:29 2017
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: sshd,v 1.21 2011/07/25 03:04:23 christos Exp $
+# $NetBSD: sshd,v 1.21.10.1 2017/08/15 05:38:29 snj Exp $
 #
 # PROVIDE: sshd
@@ -17,44 +17,31 @@ extra_commands="keygen reload"
 sshd_keygen()
 {
- (
+(
+ keygen="/usr/bin/ssh-keygen"
 umask 022
- if [ -f /etc/ssh/ssh_host_key ]; then
- echo "You already have an RSA host key" \
- "in /etc/ssh/ssh_host_key"
- echo "Skipping protocol version 1 RSA Key Generation"
- else
- /usr/bin/ssh-keygen -t rsa1 ${ssh_keygen_flags} \
- -f /etc/ssh/ssh_host_key -N ''
- fi
-
- if [ -f /etc/ssh/ssh_host_dsa_key ]; then
- echo "You already have a DSA host key" \
- "in /etc/ssh/ssh_host_dsa_key"
- echo "Skipping protocol version 2 DSA Key Generation"
- else
- /usr/bin/ssh-keygen -t dsa ${ssh_keygen_flags} \
- -f /etc/ssh/ssh_host_dsa_key -N ''
- fi
-
- if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
- echo "You already have a ECDSA host key" \
- "in /etc/ssh/ssh_host_ecdsa_key"
- echo "Skipping protocol version 1 ECDSA Key Generation"
- else
- /usr/bin/ssh-keygen -t ecdsa -b 521 \
- -f /etc/ssh/ssh_host_ecdsa_key -N ''
- fi
-
- if [ -f /etc/ssh/ssh_host_rsa_key ]; then
- echo "You already have a RSA host key" \
- "in /etc/ssh/ssh_host_rsa_key"
- echo "Skipping protocol version 2 RSA Key Generation"
- else
- /usr/bin/ssh-keygen -t rsa ${ssh_keygen_flags} \
- -f /etc/ssh/ssh_host_rsa_key -N ''
- fi
- )
+ while read type bits filename version name; do
+ f="/etc/ssh/$filename"
+ if [ -f "$f" ]; then
+ echo "You already have an $name host key in $f"
+ echo "Skipping protocol version $version $name" \
+ "Key Generation"
+ else
+ case "${bits}" in
+ -1) bitarg=;;
+ 0) bitarg="${ssh_keygen_flags}";;
+ *) bitarg="-b ${bits}";;
+ esac
+ "${keygen}" -t "${type}" ${bitarg} -f "${f}" -N ''
+ fi
+ done << _EOF
+rsa1 0 ssh_host_key 1 RSA
+dsa 1024 ssh_host_dsa_key 2 DSA
+ecdsa 521 ssh_host_ecdsa_key 1 ECDSA
+ed25519 -1 ssh_host_ed25519_key 1 ED25519
+rsa 0 ssh_host_rsa_key 2 RSA
+_EOF
+)
 }
 sshd_precmd()
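Review bot: The version column of the new key table labels the ECDSA and ED25519 rows as protocol version 1, so the skip message prints "Skipping protocol version 1 ECDSA Key Generation" (the removed inline ECDSA block carried the same number, and the new ED25519 row copies it); both are SSH protocol 2 key types, and only rsa1 belongs to protocol 1. The rows should read `ecdsa 521 ssh_host_ecdsa_key 2 ECDSA` and `ed25519 -1 ssh_host_ed25519_key 2 ED25519`. The message is informational, but an operator checking which protocol-1 key material a host still carries should not be told that an ECDSA or Ed25519 key is part of it. Separately, `read` is used without `-r` and the here-document delimiter is unquoted, so a backslash or `$` in a future row would be interpreted before it reaches the loop; `while read -r type bits filename version name; do` together with `done << '_EOF'` keeps the table literal.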
@@ -62,6 +49,7 @@ sshd_precmd()
 if [ ! -f /etc/ssh/ssh_host_key -o \
 ! -f /etc/ssh/ssh_host_dsa_key -o \
 ! -f /etc/ssh/ssh_host_ecdsa_key -o \
+ ! -f /etc/ssh/ssh_host_ed25519_key -o \
 ! -f /etc/ssh/ssh_host_rsa_key ]; then
 run_rc_command keygen
 fi
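Review bot: The added ed25519 test makes this file list a second copy of the key table in sshd_keygen's here-document, with nothing tying the two together; a key type added to one list but not the other is either never generated at boot or makes keygen run on every boot with nothing to do. A comment on the `if` line such as `# keep this list in sync with the key table in sshd_keygen` would make the coupling visible to the next person adding a key type. The enclosing sshd_precmd function starts before the hunk.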