[OE-core] [meta][PATCH] openssh-sshd: regenerate zero-size keys on start

Alejandro Mery amery at geeks.cl
Mon Nov 6 22:12:23 UTC 2017 

sometimes the first time a machine boots power gets pull out and the content of the
key files doesn't get sync leading to zero-size keys which permanently prevents
ssh access. it's safer to assume that zero-sized files are equivalent to non-existant
keys and generate them again.

Signed-off-by: Alejandro Mery <amery at geeks.cl>
---
 meta/recipes-connectivity/openssh/openssh/sshd_check_keys | 8 ++++----
 meta/recipes-connectivity/openssh/openssh_7.5p1.bb        | 2 ++
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index 5463b1a4cb..8cc31c339a 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -71,19 +71,19 @@ HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | a
 [ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
 
 # create keys if necessary
-if [ ! -f $HOST_KEY_RSA ]; then
+if [ ! -s $HOST_KEY_RSA ]; then
     echo "  generating ssh RSA key..."
     generate_key $HOST_KEY_RSA rsa
 fi
-if [ ! -f $HOST_KEY_ECDSA ]; then
+if [ ! -s $HOST_KEY_ECDSA ]; then
     echo "  generating ssh ECDSA key..."
     generate_key $HOST_KEY_ECDSA ecdsa
 fi
-if [ ! -f $HOST_KEY_DSA ]; then
+if [ ! -s $HOST_KEY_DSA ]; then
     echo "  generating ssh DSA key..."
     generate_key $HOST_KEY_DSA dsa
 fi
-if [ ! -f $HOST_KEY_ED25519 ]; then
+if [ ! -s $HOST_KEY_ED25519 ]; then
     echo "  generating ssh ED25519 key..."
     generate_key $HOST_KEY_ED25519 ed25519
 fi
diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
index 86ca6ff372..2f178b26d8 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
@@ -8,6 +8,8 @@ SECTION = "console/network"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
 
+PR = "r1"
+
 # openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48
 DEPENDS = "zlib openssl10"
 DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-- 
2.15.0

More information about the Openembedded-core mailing list