Tue Aug 15 05:36:08 2017 UTC ()
Pull up following revision(s) (requested by mrg in ticket #1468):
	etc/rc.d/sshd: revision 1.22
	etc/rc.d/sshd: revision 1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop


(snj)
diff -r1.21 -r1.21.12.1 src/etc/rc.d/sshd


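--- a/src/etc/rc.d/sshd
+++ b/src/etc/rc.d/sshd
@@ -1,74 +1,62 @@
 #!/bin/sh
 #
-# $NetBSD: sshd,v 1.21 2011/07/25 03:04:23 christos Exp $
+# $NetBSD: sshd,v 1.21.12.1 2017/08/15 05:36:08 snj Exp $
 #
 
 # PROVIDE: sshd
 # REQUIRE: LOGIN
 
 $_rc_subr_loaded . /etc/rc.subr
 
 name="sshd"
 rcvar=$name
 command="/usr/sbin/${name}"
 pidfile="/var/run/${name}.pid"
 required_files="/etc/ssh/sshd_config"
 extra_commands="keygen reload"
 
 sshd_keygen()
 {
 (
+keygen="/usr/bin/ssh-keygen"
 umask 022
-if [ -f /etc/ssh/ssh_host_key ]; then
-echo "You already have an RSA host key" \
-"in /etc/ssh/ssh_host_key"
-echo "Skipping protocol version 1 RSA Key Generation"
-else
-/usr/bin/ssh-keygen -t rsa1 ${ssh_keygen_flags} \
--f /etc/ssh/ssh_host_key -N ''
-fi
-
-if [ -f /etc/ssh/ssh_host_dsa_key ]; then
-echo "You already have a DSA host key" \
-"in /etc/ssh/ssh_host_dsa_key"
-echo "Skipping protocol version 2 DSA Key Generation"
-else
-/usr/bin/ssh-keygen -t dsa ${ssh_keygen_flags} \
--f /etc/ssh/ssh_host_dsa_key -N ''
-fi
-
-if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
-echo "You already have a ECDSA host key" \
-"in /etc/ssh/ssh_host_ecdsa_key"
-echo "Skipping protocol version 1 ECDSA Key Generation"
-else
-/usr/bin/ssh-keygen -t ecdsa -b 521 \
--f /etc/ssh/ssh_host_ecdsa_key -N ''
-fi
-
-if [ -f /etc/ssh/ssh_host_rsa_key ]; then
-echo "You already have a RSA host key" \
-"in /etc/ssh/ssh_host_rsa_key"
-echo "Skipping protocol version 2 RSA Key Generation"
-else
-/usr/bin/ssh-keygen -t rsa ${ssh_keygen_flags} \
--f /etc/ssh/ssh_host_rsa_key -N ''
-fi
-)
+while read type bits filename version name; do
+f="/etc/ssh/$filename"
+if [ -f "$f" ]; then
+echo "You already have an $name host key in $f"
+echo "Skipping protocol version $version $name" \
+"Key Generation"
+else
+case "${bits}" in
+-1) bitarg=;;
+0) bitarg="${ssh_keygen_flags}";;
+*) bitarg="-b ${bits}";;
+esac
+"${keygen}" -t "${type}" ${bitarg} -f "${f}" -N ''
+fi
+done << _EOF
+rsa1 0 ssh_host_key 1 RSA
+dsa 1024 ssh_host_dsa_key 2 DSA
+ecdsa 521 ssh_host_ecdsa_key 1 ECDSA
+ed25519 -1 ssh_host_ed25519_key 1 ED25519
+rsa 0 ssh_host_rsa_key 2 RSA
+_EOF
+)
 }
 
 sshd_precmd()
 {
 if [ ! -f /etc/ssh/ssh_host_key -o \
 ! -f /etc/ssh/ssh_host_dsa_key -o \
 ! -f /etc/ssh/ssh_host_ecdsa_key -o \
+! -f /etc/ssh/ssh_host_ed25519_key -o \
 ! -f /etc/ssh/ssh_host_rsa_key ]; then
 run_rc_command keygen
 fi
 }
 
 keygen_cmd=sshd_keygen
 start_precmd=sshd_precmd
 
 load_rc_config $name
 run_rc_command "$1"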
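Review bot: The key table fed to the `while read` loop labels the ecdsa and ed25519 entries as protocol version 1, so an existing key prints "Skipping protocol version 1 ECDSA Key Generation"; both are protocol-2-only key types, and the rows should read `ecdsa 521 ssh_host_ecdsa_key 2 ECDSA` and `ed25519 -1 ssh_host_ed25519_key 2 ED25519` (the old ECDSA branch had the same wrong label, and the rewrite propagated it to the new type instead of fixing it). The loop also discards the exit status of ssh-keygen: if the installed ssh-keygen rejects a type (rsa1 is the likely candidate once protocol 1 support is gone), nothing is reported, the file never appears, sshd_precmd re-runs keygen on every start, and sshd still starts without that key; at minimum emit a warning, e.g. `"${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' || echo "${name} host key generation failed" >&2`. Note that with a fixed `1024` in the bits column the dsa row no longer receives `${ssh_keygen_flags}` (presumably the intent of PR/47540, but worth a one-line comment above the table), and that a 1024-bit DSA host key offers little to clients that disable ssh-dss by default.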