Update show-more-fingerprints patch to match 7.6 code base

Drop obsolete RSA1 parts
Add ED25519 parts
This commit is contained in:
Andrey Bondrov 2018-01-24 00:15:04 +10:00
parent 87fa3a7ab9
commit d59534c5de
3 changed files with 75 additions and 88 deletions


@ -1,7 +1,7 @@
diff -up openssh-7.4p1/clientloop.c.fingerprint openssh-7.4p1/clientloop.c diff -up openssh/clientloop.c.fingerprint openssh/clientloop.c
--- openssh-7.4p1/clientloop.c.fingerprint 2016-12-23 15:38:50.520432387 +0100 --- openssh/clientloop.c.fingerprint 2017-09-26 15:21:22.582477729 +0200
+++ openssh-7.4p1/clientloop.c 2016-12-23 15:38:50.564432394 +0100 +++ openssh/clientloop.c 2017-09-26 15:21:22.620477932 +0200
@@ -2279,7 +2279,7 @@ update_known_hosts(struct hostkeys_updat @@ -1854,7 +1854,7 @@ update_known_hosts(struct hostkeys_updat
if (ctx->keys_seen[i] != 2) if (ctx->keys_seen[i] != 2)
continue; continue;
if ((fp = sshkey_fingerprint(ctx->keys[i], if ((fp = sshkey_fingerprint(ctx->keys[i],
@ -10,7 +10,7 @@ diff -up openssh-7.4p1/clientloop.c.fingerprint openssh-7.4p1/clientloop.c
fatal("%s: sshkey_fingerprint failed", __func__); fatal("%s: sshkey_fingerprint failed", __func__);
do_log2(loglevel, "Learned new hostkey: %s %s", do_log2(loglevel, "Learned new hostkey: %s %s",
sshkey_type(ctx->keys[i]), fp); sshkey_type(ctx->keys[i]), fp);
@@ -2287,7 +2287,7 @@ update_known_hosts(struct hostkeys_updat @@ -1862,7 +1862,7 @@ update_known_hosts(struct hostkeys_updat
} }
for (i = 0; i < ctx->nold; i++) { for (i = 0; i < ctx->nold; i++) {
if ((fp = sshkey_fingerprint(ctx->old_keys[i], if ((fp = sshkey_fingerprint(ctx->old_keys[i],
@ -19,7 +19,7 @@ diff -up openssh-7.4p1/clientloop.c.fingerprint openssh-7.4p1/clientloop.c
fatal("%s: sshkey_fingerprint failed", __func__); fatal("%s: sshkey_fingerprint failed", __func__);
do_log2(loglevel, "Deprecating obsolete hostkey: %s %s", do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
sshkey_type(ctx->old_keys[i]), fp); sshkey_type(ctx->old_keys[i]), fp);
@@ -2330,7 +2330,7 @@ update_known_hosts(struct hostkeys_updat @@ -1905,7 +1905,7 @@ update_known_hosts(struct hostkeys_updat
(r = hostfile_replace_entries(options.user_hostfiles[0], (r = hostfile_replace_entries(options.user_hostfiles[0],
ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys, ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys,
options.hash_known_hosts, 0, options.hash_known_hosts, 0,
@ -28,7 +28,7 @@ diff -up openssh-7.4p1/clientloop.c.fingerprint openssh-7.4p1/clientloop.c
error("%s: hostfile_replace_entries failed: %s", error("%s: hostfile_replace_entries failed: %s",
__func__, ssh_err(r)); __func__, ssh_err(r));
} }
@@ -2443,7 +2443,7 @@ client_input_hostkeys(void) @@ -2038,7 +2038,7 @@ client_input_hostkeys(void)
error("%s: parse key: %s", __func__, ssh_err(r)); error("%s: parse key: %s", __func__, ssh_err(r));
goto out; goto out;
} }
@ -37,10 +37,10 @@ diff -up openssh-7.4p1/clientloop.c.fingerprint openssh-7.4p1/clientloop.c
SSH_FP_DEFAULT); SSH_FP_DEFAULT);
debug3("%s: received %s key %s", __func__, debug3("%s: received %s key %s", __func__,
sshkey_type(key), fp); sshkey_type(key), fp);
diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c diff -up openssh/readconf.c.fingerprint openssh/readconf.c
--- openssh-7.4p1/readconf.c.fingerprint 2016-12-23 15:38:50.559432393 +0100 --- openssh/readconf.c.fingerprint 2017-09-26 15:21:22.618477921 +0200
+++ openssh-7.4p1/readconf.c 2016-12-23 15:38:50.565432394 +0100 +++ openssh/readconf.c 2017-09-26 15:21:22.621477937 +0200
@@ -1668,16 +1668,18 @@ parse_keytypes: @@ -1681,16 +1681,18 @@ parse_keytypes:
goto parse_string; goto parse_string;
case oFingerprintHash: case oFingerprintHash:
@ -69,7 +69,7 @@ diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c
break; break;
case oUpdateHostkeys: case oUpdateHostkeys:
@@ -1905,7 +1907,7 @@ initialize_options(Options * options) @@ -1917,7 +1919,7 @@ initialize_options(Options * options)
options->canonicalize_fallback_local = -1; options->canonicalize_fallback_local = -1;
options->canonicalize_hostname = -1; options->canonicalize_hostname = -1;
options->revoked_host_keys = NULL; options->revoked_host_keys = NULL;
@ -78,7 +78,7 @@ diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c
options->update_hostkeys = -1; options->update_hostkeys = -1;
options->hostbased_key_types = NULL; options->hostbased_key_types = NULL;
options->pubkey_key_types = NULL; options->pubkey_key_types = NULL;
@@ -2102,8 +2104,10 @@ fill_default_options(Options * options) @@ -2096,8 +2098,10 @@ fill_default_options(Options * options)
options->canonicalize_fallback_local = 1; options->canonicalize_fallback_local = 1;
if (options->canonicalize_hostname == -1) if (options->canonicalize_hostname == -1)
options->canonicalize_hostname = SSH_CANONICALISE_NO; options->canonicalize_hostname = SSH_CANONICALISE_NO;
@ -91,7 +91,7 @@ diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c
if (options->update_hostkeys == -1) if (options->update_hostkeys == -1)
options->update_hostkeys = 0; options->update_hostkeys = 0;
if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 || if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
@@ -2489,6 +2493,17 @@ dump_cfg_strarray(OpCodes code, u_int co @@ -2474,6 +2478,17 @@ dump_cfg_strarray(OpCodes code, u_int co
} }
static void static void
@ -109,7 +109,7 @@ diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c
dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals) dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
{ {
u_int i; u_int i;
@@ -2564,7 +2579,6 @@ dump_client_config(Options *o, const cha @@ -2549,7 +2564,6 @@ dump_client_config(Options *o, const cha
dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign); dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings); dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
@ -117,7 +117,7 @@ diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c
dump_cfg_fmtint(oForwardAgent, o->forward_agent); dump_cfg_fmtint(oForwardAgent, o->forward_agent);
dump_cfg_fmtint(oForwardX11, o->forward_x11); dump_cfg_fmtint(oForwardX11, o->forward_x11);
dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted); dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
@@ -2634,6 +2648,7 @@ dump_client_config(Options *o, const cha @@ -2618,6 +2632,7 @@ dump_client_config(Options *o, const cha
dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles); dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles); dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env); dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
@ -125,9 +125,9 @@ diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c
/* Special cases */ /* Special cases */
diff -up openssh-7.4p1/readconf.h.fingerprint openssh-7.4p1/readconf.h diff -up openssh/readconf.h.fingerprint openssh/readconf.h
--- openssh-7.4p1/readconf.h.fingerprint 2016-12-23 15:38:50.559432393 +0100 --- openssh/readconf.h.fingerprint 2017-09-26 15:21:22.618477921 +0200
+++ openssh-7.4p1/readconf.h 2016-12-23 15:38:50.565432394 +0100 +++ openssh/readconf.h 2017-09-26 15:21:22.621477937 +0200
@@ -21,6 +21,7 @@ @@ -21,6 +21,7 @@
#define MAX_SEND_ENV 256 #define MAX_SEND_ENV 256
#define SSH_MAX_HOSTS_FILES 32 #define SSH_MAX_HOSTS_FILES 32
@ -136,7 +136,7 @@ diff -up openssh-7.4p1/readconf.h.fingerprint openssh-7.4p1/readconf.h
#define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path) #define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path)
struct allowed_cname { struct allowed_cname {
@@ -162,7 +163,8 @@ typedef struct { @@ -157,7 +158,8 @@ typedef struct {
char *revoked_host_keys; char *revoked_host_keys;
@ -146,10 +146,10 @@ diff -up openssh-7.4p1/readconf.h.fingerprint openssh-7.4p1/readconf.h
int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */ int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
diff -up openssh-7.4p1/ssh_config.5.fingerprint openssh-7.4p1/ssh_config.5 diff -up openssh/ssh_config.5.fingerprint openssh/ssh_config.5
--- openssh-7.4p1/ssh_config.5.fingerprint 2016-12-23 15:38:50.565432394 +0100 --- openssh/ssh_config.5.fingerprint 2017-09-26 15:21:22.618477921 +0200
+++ openssh-7.4p1/ssh_config.5 2016-12-23 15:40:03.754444166 +0100 +++ openssh/ssh_config.5 2017-09-26 15:21:22.621477937 +0200
@@ -652,12 +652,13 @@ or @@ -624,12 +624,13 @@ or
.Cm no .Cm no
(the default). (the default).
.It Cm FingerprintHash .It Cm FingerprintHash
@ -166,10 +166,10 @@ diff -up openssh-7.4p1/ssh_config.5.fingerprint openssh-7.4p1/ssh_config.5
.It Cm ForwardAgent .It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any) Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine. will be forwarded to the remote machine.
diff -up openssh-7.4p1/sshconnect2.c.fingerprint openssh-7.4p1/sshconnect2.c diff -up openssh/sshconnect2.c.fingerprint openssh/sshconnect2.c
--- openssh-7.4p1/sshconnect2.c.fingerprint 2016-12-23 15:38:50.561432394 +0100 --- openssh/sshconnect2.c.fingerprint 2017-09-26 15:21:22.619477926 +0200
+++ openssh-7.4p1/sshconnect2.c 2016-12-23 15:38:50.566432394 +0100 +++ openssh/sshconnect2.c 2017-09-26 15:21:50.677628003 +0200
@@ -677,7 +677,7 @@ input_userauth_pk_ok(int type, u_int32_t @@ -679,7 +679,7 @@ input_userauth_pk_ok(int type, u_int32_t
key->type, pktype); key->type, pktype);
goto done; goto done;
} }
@ -178,7 +178,7 @@ diff -up openssh-7.4p1/sshconnect2.c.fingerprint openssh-7.4p1/sshconnect2.c
SSH_FP_DEFAULT)) == NULL) SSH_FP_DEFAULT)) == NULL)
goto done; goto done;
debug2("input_userauth_pk_ok: fp %s", fp); debug2("input_userauth_pk_ok: fp %s", fp);
@@ -1172,7 +1172,7 @@ sign_and_send_pubkey(Authctxt *authctxt, @@ -1198,7 +1198,7 @@ sign_and_send_pubkey(Authctxt *authctxt,
int matched, ret = -1, have_sig = 1; int matched, ret = -1, have_sig = 1;
char *fp; char *fp;
@ -187,7 +187,16 @@ diff -up openssh-7.4p1/sshconnect2.c.fingerprint openssh-7.4p1/sshconnect2.c
SSH_FP_DEFAULT)) == NULL) SSH_FP_DEFAULT)) == NULL)
return 0; return 0;
debug3("%s: %s %s", __func__, key_type(id->key), fp); debug3("%s: %s %s", __func__, key_type(id->key), fp);
@@ -1864,7 +1864,7 @@ userauth_hostbased(Authctxt *authctxt) @@ -1620,7 +1620,7 @@ userauth_pubkey(Authctxt *authctxt)
if (id->key != NULL) {
if (try_identity(id)) {
if ((fp = sshkey_fingerprint(id->key,
- options.fingerprint_hash,
+ options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL) {
error("%s: sshkey_fingerprint failed",
__func__);
@@ -1914,7 +1914,7 @@ userauth_hostbased(Authctxt *authctxt)
goto out; goto out;
} }
@ -196,10 +205,10 @@ diff -up openssh-7.4p1/sshconnect2.c.fingerprint openssh-7.4p1/sshconnect2.c
SSH_FP_DEFAULT)) == NULL) { SSH_FP_DEFAULT)) == NULL) {
error("%s: sshkey_fingerprint failed", __func__); error("%s: sshkey_fingerprint failed", __func__);
goto out; goto out;
diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c diff -up openssh/sshconnect.c.fingerprint openssh/sshconnect.c
--- openssh-7.4p1/sshconnect.c.fingerprint 2016-12-19 05:59:41.000000000 +0100 --- openssh/sshconnect.c.fingerprint 2017-09-25 01:48:10.000000000 +0200
+++ openssh-7.4p1/sshconnect.c 2016-12-23 15:38:50.566432394 +0100 +++ openssh/sshconnect.c 2017-09-26 15:21:22.622477943 +0200
@@ -922,9 +922,9 @@ check_host_key(char *hostname, struct so @@ -861,9 +861,9 @@ check_host_key(char *hostname, struct so
"of known hosts.", type, ip); "of known hosts.", type, ip);
} else if (options.visual_host_key) { } else if (options.visual_host_key) {
fp = sshkey_fingerprint(host_key, fp = sshkey_fingerprint(host_key,
@ -211,7 +220,7 @@ diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c
if (fp == NULL || ra == NULL) if (fp == NULL || ra == NULL)
fatal("%s: sshkey_fingerprint fail", __func__); fatal("%s: sshkey_fingerprint fail", __func__);
logit("Host key fingerprint is %s\n%s", fp, ra); logit("Host key fingerprint is %s\n%s", fp, ra);
@@ -966,12 +966,6 @@ check_host_key(char *hostname, struct so @@ -907,12 +907,6 @@ check_host_key(char *hostname, struct so
else else
snprintf(msg1, sizeof(msg1), "."); snprintf(msg1, sizeof(msg1), ".");
/* The default */ /* The default */
@ -224,7 +233,7 @@ diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c
msg2[0] = '\0'; msg2[0] = '\0';
if (options.verify_host_key_dns) { if (options.verify_host_key_dns) {
if (matching_host_key_dns) if (matching_host_key_dns)
@@ -985,16 +979,28 @@ check_host_key(char *hostname, struct so @@ -926,16 +920,28 @@ check_host_key(char *hostname, struct so
} }
snprintf(msg, sizeof(msg), snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be " "The authenticity of host '%.200s (%s)' can't be "
@ -262,7 +271,7 @@ diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c
if (!confirm(msg)) if (!confirm(msg))
goto fail; goto fail;
hostkey_trusted = 1; /* user explicitly confirmed */ hostkey_trusted = 1; /* user explicitly confirmed */
@@ -1244,7 +1250,7 @@ verify_host_key(char *host, struct socka @@ -1192,7 +1198,7 @@ verify_host_key(char *host, struct socka
struct sshkey *plain = NULL; struct sshkey *plain = NULL;
if ((fp = sshkey_fingerprint(host_key, if ((fp = sshkey_fingerprint(host_key,
@ -271,7 +280,7 @@ diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c
error("%s: fingerprint host key: %s", __func__, ssh_err(r)); error("%s: fingerprint host key: %s", __func__, ssh_err(r));
r = -1; r = -1;
goto out; goto out;
@@ -1252,7 +1258,7 @@ verify_host_key(char *host, struct socka @@ -1200,7 +1206,7 @@ verify_host_key(char *host, struct socka
if (sshkey_is_cert(host_key)) { if (sshkey_is_cert(host_key)) {
if ((cafp = sshkey_fingerprint(host_key->cert->signature_key, if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
@ -280,7 +289,7 @@ diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c
error("%s: fingerprint CA key: %s", error("%s: fingerprint CA key: %s",
__func__, ssh_err(r)); __func__, ssh_err(r));
r = -1; r = -1;
@@ -1432,9 +1438,9 @@ show_other_keys(struct hostkeys *hostkey @@ -1369,9 +1375,9 @@ show_other_keys(struct hostkeys *hostkey
if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
continue; continue;
fp = sshkey_fingerprint(found->key, fp = sshkey_fingerprint(found->key,
@ -292,7 +301,7 @@ diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c
if (fp == NULL || ra == NULL) if (fp == NULL || ra == NULL)
fatal("%s: sshkey_fingerprint fail", __func__); fatal("%s: sshkey_fingerprint fail", __func__);
logit("WARNING: %s key found for host %s\n" logit("WARNING: %s key found for host %s\n"
@@ -1457,7 +1463,7 @@ warn_changed_key(Key *host_key) @@ -1394,7 +1400,7 @@ warn_changed_key(struct sshkey *host_key
{ {
char *fp; char *fp;
@ -301,9 +310,9 @@ diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c
SSH_FP_DEFAULT); SSH_FP_DEFAULT);
if (fp == NULL) if (fp == NULL)
fatal("%s: sshkey_fingerprint fail", __func__); fatal("%s: sshkey_fingerprint fail", __func__);
diff -up openssh-7.4p1/ssh-keysign.c.fingerprint openssh-7.4p1/ssh-keysign.c diff -up openssh/ssh-keysign.c.fingerprint openssh/ssh-keysign.c
--- openssh-7.4p1/ssh-keysign.c.fingerprint 2016-12-19 05:59:41.000000000 +0100 --- openssh/ssh-keysign.c.fingerprint 2017-09-25 01:48:10.000000000 +0200
+++ openssh-7.4p1/ssh-keysign.c 2016-12-23 15:38:50.566432394 +0100 +++ openssh/ssh-keysign.c 2017-09-26 15:21:22.622477943 +0200
@@ -285,7 +285,7 @@ main(int argc, char **argv) @@ -285,7 +285,7 @@ main(int argc, char **argv)
} }
} }
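Review bot: The new userauth_pubkey hunk in sshconnect2.c (the `options.fingerprint_hash[0]` line) fingerprints the identity with only the first configured FingerprintHash, while the check_host_key hunk in sshconnect.c is the one this patch widens (16 to 28 lines) to show additional fingerprints; if showing a single hash in the debug3 path is intentional, that should be stated so the next rebase does not "fix" it inconsistently. A one-line comment above the call, `/* debug output only: first configured FingerprintHash suffices */`, would carry that. The same `[0]` indexing appears in the input_userauth_pk_ok, sign_and_send_pubkey and userauth_hostbased hunks, so one comment at the first site is enough. userauth_pubkey itself starts and ends outside the hunk, so whether the remaining fingerprint output elsewhere in that function was updated cannot be confirmed from here.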


@ -20,7 +20,7 @@
Summary: OpenSSH free Secure Shell (SSH) implementation Summary: OpenSSH free Secure Shell (SSH) implementation
Name: openssh Name: openssh
Version: 7.6p1 Version: 7.6p1
Release: 2 Release: 3
License: BSD License: BSD
Group: Networking/Remote access Group: Networking/Remote access
Url: http://www.openssh.com/ Url: http://www.openssh.com/
@ -64,7 +64,7 @@ Patch18: openssh-4.3p2-askpass-grab-info.patch
Patch20: openssh-7.1p1-debian-restore-tcp-wrappers.patch Patch20: openssh-7.1p1-debian-restore-tcp-wrappers.patch
Patch21: openssh-7.2p2-x11.patch Patch21: openssh-7.2p2-x11.patch
Patch24: openssh-7.6p1-log-in-chroot.patch Patch24: openssh-7.6p1-log-in-chroot.patch
Patch25: openssh-7.4p1-show-more-fingerprints.patch Patch25: openssh-7.6p1-show-more-fingerprints.patch
# from upstream: # from upstream:
Patch30: openssh-7.6p1-permitopen-bug.patch Patch30: openssh-7.6p1-permitopen-bug.patch
BuildRequires: groff-base BuildRequires: groff-base
@ -213,32 +213,16 @@ your host.
# do some key management; taken from the initscript # do some key management; taken from the initscript
KEYGEN=/usr/bin/ssh-keygen KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n "Generating SSH1 RSA host key... "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_rsa_keygen() { do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then if [ ! -s $RSA_KEY ]; then
echo "Generating SSH2 RSA host key... " echo "Generating SSH2 RSA host key... "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY chmod 640 $RSA_KEY
chmod 644 $RSA_KEY.pub chmod 644 $RSA_KEY.pub
echo "done" echo "done"
echo echo
@ -254,7 +238,7 @@ do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then if [ ! -s $DSA_KEY ]; then
echo "Generating SSH2 DSA host key... " echo "Generating SSH2 DSA host key... "
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY chmod 640 $DSA_KEY
chmod 644 $DSA_KEY.pub chmod 644 $DSA_KEY.pub
echo "done" echo "done"
echo echo
@ -270,7 +254,7 @@ do_ecdsa_keygen() {
if [ ! -s $ECDSA_KEY ]; then if [ ! -s $ECDSA_KEY ]; then
echo "Generating SSH2 EC DSA host key... " echo "Generating SSH2 EC DSA host key... "
if $KEYGEN -q -t dsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then if $KEYGEN -q -t dsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $ECDSA_KEY chmod 640 $ECDSA_KEY
chmod 644 $ECDSA_KEY.pub chmod 644 $ECDSA_KEY.pub
echo "done" echo "done"
echo echo
@ -282,10 +266,26 @@ do_ecdsa_keygen() {
fi fi
} }
do_rsa1_keygen do_ed25519_keygen() {
if [ ! -s $ED25519_KEY ]; then
echo "Generating SSH2 ED25519 host key... "
if $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
chmod 640 $ED25519_KEY
chmod 644 $ED25519_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_rsa_keygen do_rsa_keygen
do_dsa_keygen do_dsa_keygen
do_ecdsa_keygen do_ecdsa_keygen
do_ed25519_keygen
%postun server %postun server
%_postun_userdel sshd %_postun_userdel sshd
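Review bot: The %post script loosens every private host key from `chmod 600` to `chmod 640` (the RSA, DSA, ECDSA and new ED25519 lines) without a visible `chgrp` of the key to a dedicated group, so the key becomes readable by whatever group it was created with; the init script in this same commit pairs 640 with `chgrp ssh_keys`, and the spec should either do the same (`chgrp ssh_keys $RSA_KEY` before each chmod, assuming that group exists at %post time) or keep 600. Unrelated to the new lines but in the same hunk, do_ecdsa_keygen runs `$KEYGEN -q -t dsa -f $ECDSA_KEY`, which appears to write a DSA key into the ECDSA key path; the new do_ed25519_keygen gets this right with `-t ed25519`, so the ECDSA line presumably wants `-t ecdsa`. If a chgrp is applied outside the shown hunks, a comment next to the chmod lines saying so would save the next reviewer the same question.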


@ -25,7 +25,6 @@ fi
# Some functions to make the below more readable # Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
@ -34,27 +33,6 @@ ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
# pull in sysconfig settings # pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n $"Generating SSH1 RSA host key: "
rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA1_KEY
chmod 640 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY{,.pub}
fi
success $"RSA1 key generation"
echo
else
failure $"RSA1 key generation"
echo
exit 1
fi
fi
}
do_rsa_keygen() { do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then if [ ! -s $RSA_KEY ]; then
echo -n $"Generating SSH2 RSA host key: " echo -n $"Generating SSH2 RSA host key: "