[oe-commits] [openembedded-core] 43/44: openssh: only create sshd host keys which have been enabled
git at git.openembedded.org
git at git.openembedded.org
Fri Jun 15 10:18:01 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit 2303d795ae96f1a60caf145a0ddf100e89c4b5b0
Author: Andre McCurdy <armccurdy at gmail.com>
AuthorDate: Thu Jun 7 11:48:39 2018 -0700
openssh: only create sshd host keys which have been enabled
Previously sshd_check_keys would create a full set of all possible
sshd host keys, even if sshd_config has been set to only enable
certain key types.
Update sshd_check_keys to only create keys which have been enabled in
sshd_config (with a fallback to creating a full set of key types if
no HostKey options are defined, as before).
Signed-off-by: Andre McCurdy <armccurdy at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
.../openssh/openssh/sshd_check_keys | 42 ++++++++++------------
1 file changed, 19 insertions(+), 23 deletions(-)
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index be2e2ec..1931dc7 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -56,27 +56,23 @@ while true ; do
esac
done
-# parse location of keys
-HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
-HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
+HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}")
+[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key"
-# create keys if necessary
-if [ ! -f $HOST_KEY_RSA ]; then
- echo " generating ssh RSA key..."
- generate_key $HOST_KEY_RSA rsa
-fi
-if [ ! -f $HOST_KEY_ECDSA ]; then
- echo " generating ssh ECDSA key..."
- generate_key $HOST_KEY_ECDSA ecdsa
-fi
-if [ ! -f $HOST_KEY_ED25519 ]; then
- echo " generating ssh ED25519 key..."
- generate_key $HOST_KEY_ED25519 ed25519
-fi
+for key in ${HOST_KEYS} ; do
+ [ -f $key ] && continue
+ case $key in
+ *_rsa_key)
+ echo " generating ssh RSA host key..."
+ generate_key $key rsa
+ ;;
+ *_ecdsa_key)
+ echo " generating ssh ECDSA host key..."
+ generate_key $key ecdsa
+ ;;
+ *_ed25519_key)
+ echo " generating ssh ED25519 host key..."
+ generate_key $key ed25519
+ ;;
+ esac
+done
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list