Running sshd_check_keys failed:
...
2019-09-22T09:59:10.878738+00:00 qemux86-64 sshd_check_keys[419]:   generating ssh ED25519 host key...
2019-09-22T09:59:10.897617+00:00 qemux86-64 sshd_check_keys[419]: ED25519 keys are not allowed in FIPS mode
...

If FIPS mode is enabled (existence of "/etc/system-fips"), don't generate
ED25519 host keys.

Refer to Fedora:
https://src.fedoraproject.org/rpms/openssh/c/00c7b7543973f237b79ee87ca697c08b71954d35
https://src.fedoraproject.org/rpms/openssh/c/3b7c8620a1df976c1c09553c1c7b99ce492d290b

Signed-off-by: Hongxu Jia <hongxu....@windriver.com>
---
 recipes-connectivity/openssh/openssh/sshd_check_keys | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/recipes-connectivity/openssh/openssh/sshd_check_keys 
b/recipes-connectivity/openssh/openssh/sshd_check_keys
index 1931dc7..338531d 100644
--- a/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -71,6 +71,10 @@ for key in ${HOST_KEYS} ; do
         generate_key $key ecdsa
         ;;
     *_ed25519_key)
+        FIPS=/etc/system-fips
+        if [[ -r "$FIPS" ]]; then
+            continue
+        fi
         echo "  generating ssh ED25519 host key..."
         generate_key $key ed25519
         ;;
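
Review bot: the added test `[[ -r "$FIPS" ]]` in the `*_ed25519_key)` branch uses the bash-only `[[ ]]` form; if sshd_check_keys runs under /bin/sh (the shebang is outside this hunk), a strictly POSIX shell such as dash may not support it, so `[ -r "$FIPS" ]` is the safer spelling. The `continue` also skips the key silently: an `echo` stating that the ED25519 host key was skipped because /etc/system-fips exists would leave a trace in the same log where the failure was reported. `FIPS=/etc/system-fips` is reassigned on every matching iteration and could be set once above the `for key in ${HOST_KEYS}` loop.
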
-- 
2.7.4
