Djam/openssh
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssh.git synced 2025-02-25 10:43:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update sshd-keygen to support ECDSA and ED25519 (with some other fixes from Fedora)

Browse source
This commit is contained in:
Andrey Bondrov 2018-01-23 20:25:41 +10:00
parent c7dd6d84a3
commit 87fa3a7ab9
1 changed files with 87 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

104
sshd-keygen
View file

@ -4,18 +4,35 @@
#
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
# variable.
AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
# source function library
. /etc/rc.d/init.d/functions
# pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
if [ -f /etc/rc.d/init.d/functions ]; then
# source function library
. /etc/rc.d/init.d/functions
else
# minimal implimantation of success and failure function
success()
{
echo -en $"[ OK ]\r"
return 0
}
failure()
{
echo -en $"[FAILED]\r"
return 1
}
fi
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
# pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
@ -23,10 +40,10 @@ do_rsa1_keygen() {
rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA1_KEY
chmod 600 $RSA1_KEY
chmod 640 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
/sbin/restorecon $RSA1_KEY{,.pub}
fi
success $"RSA1 key generation"
echo
@ -44,10 +61,10 @@ do_rsa_keygen() {
rm -f $RSA_KEY
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA_KEY
chmod 600 $RSA_KEY
chmod 640 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
/sbin/restorecon $RSA_KEY{,.pub}
fi
success $"RSA key generation"
echo
@ -65,10 +82,10 @@ do_dsa_keygen() {
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $DSA_KEY
chmod 600 $DSA_KEY
chmod 640 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
/sbin/restorecon $DSA_KEY{,.pub}
fi
success $"DSA key generation"
echo
@ -80,11 +97,64 @@ do_dsa_keygen() {
fi
}
# Create keys if necessary
if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
do_rsa_keygen
if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
do_rsa1_keygen
do_dsa_keygen
do_ecdsa_keygen() {
if [ ! -s $ECDSA_KEY ]; then
echo -n $"Generating SSH2 ECDSA host key: "
rm -f $ECDSA_KEY
if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $ECDSA_KEY
chmod 640 $ECDSA_KEY
chmod 644 $ECDSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $ECDSA_KEY{,.pub}
fi
success $"ECDSA key generation"
echo
else
failure $"ECDSA key generation"
echo
exit 1
fi
fi
}
do_ed25519_keygen() {
if [ ! -s $ED25519_KEY ]; then
echo -n $"Generating SSH2 ED25519 host key: "
rm -f $ED25519_KEY
if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $ED25519_KEY
chmod 640 $ED25519_KEY
chmod 644 $ED25519_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $ED25519_KEY{,.pub}
fi
success $"ED25519 key generation"
echo
else
failure $"ED25519 key generation"
echo
exit 1
fi
fi
}
if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
exit 0
fi
# legacy options
case $AUTOCREATE_SERVER_KEYS in
NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
YES) AUTOCREATE_SERVER_KEYS="DSA RSA ECDSA ED25519";;
esac
for KEY in $AUTOCREATE_SERVER_KEYS; do
case $KEY in
DSA) do_dsa_keygen;;
RSA) do_rsa_keygen;;
ECDSA) do_ecdsa_keygen;;
ED25519) do_ed25519_keygen;;
esac
done