From 95401eea8503943449f712e5f3de52fc0bc612c5 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Fri, 20 Aug 2021 18:14:13 +1000
Subject: [PATCH] Replace shell function with ssh-keygen -A.
Prevents the init script in the SysV package from trying (and failing) to generate unsupported key types. Remove now-unused COMMENT_OUT_ECC. ok tim@
---
 configure.ac | 5 -----
 opensshd.init.in | 22 +---------------------
 2 files changed, 1 insertion(+), 26 deletions(-)
diff --git a/configure.ac b/configure.ac
index 01e7d2a4f..cbf27db25 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3100,7 +3100,6 @@ if test "x$openssl" = "xyes" ; then
 AC_MSG_RESULT([no])
 )
- COMMENT_OUT_ECC="#no ecc#"
 TEST_SSH_ECC=no
 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
@@ -3115,7 +3114,6 @@ if test "x$openssl" = "xyes" ; then
 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], [libcrypto has NID_X9_62_prime256v1])
 TEST_SSH_ECC=yes
- COMMENT_OUT_ECC=""
 else
 unsupported_algorithms="$unsupported_algorithms \
 ecdsa-sha2-nistp256 \
@@ -3125,7 +3123,6 @@ if test "x$openssl" = "xyes" ; then
 if test x$enable_nistp384 = x1; then
 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
 TEST_SSH_ECC=yes
- COMMENT_OUT_ECC=""
 else
 unsupported_algorithms="$unsupported_algorithms \
 ecdsa-sha2-nistp384 \
@@ -3135,7 +3132,6 @@ if test "x$openssl" = "xyes" ; then
 if test x$enable_nistp521 = x1; then
 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
 TEST_SSH_ECC=yes
- COMMENT_OUT_ECC=""
 else
 unsupported_algorithms="$unsupported_algorithms \
 ecdh-sha2-nistp521 \
@@ -3144,7 +3140,6 @@ if test "x$openssl" = "xyes" ; then
 fi
 AC_SUBST([TEST_SSH_ECC])
- AC_SUBST([COMMENT_OUT_ECC])
 else
 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
 AC_CHECK_FUNCS([crypt])
diff --git a/opensshd.init.in b/opensshd.init.in
index 99e5a51ab..251724805 100755
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -17,26 +17,6 @@ PIDFILE=$piddir/sshd.pid
 PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'`
 [ X$PidFile = X ] || PIDFILE=$PidFile
 SSH_KEYGEN=$prefix/bin/ssh-keygen
-HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
-HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
-@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
-
-
-checkkeys() {
- if [ ! -f $HOST_KEY_DSA ]; then
- ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
- fi
- if [ ! -f $HOST_KEY_RSA ]; then
- ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
- fi
-@COMMENT_OUT_ECC@ if [ ! -f $HOST_KEY_ECDSA ]; then
-@COMMENT_OUT_ECC@ ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N ""
-@COMMENT_OUT_ECC@ fi
- if [ ! -f $HOST_KEY_ED25519 ]; then
- ${SSH_KEYGEN} -t ed25519 -f ${HOST_KEY_ED25519} -N ""
- fi
-}
 stop_service() {
 if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
@@ -54,7 +34,7 @@ start_service() {
 # XXX we will opt out at this time. - Bal
 # Check to see if we have keys that need to be made
- checkkeys
+ ${SSH_KEYGEN} -A
 # Start SSHD
 echo "starting $SSHD... \c" ; $SSHD
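Review bot: The exit status of the added `${SSH_KEYGEN} -A` in start_service is ignored, and the comment above it does not say that the command recreates every missing default host key type, with an empty passphrase, on each start. A key type an administrator deleted on purpose will therefore come back, and sshd loads the default key files unless sshd_config lists explicit HostKey entries; the removed checkkeys behaved much the same for its four types, so this is a documentation gap rather than a regression. I would extend the comment to something like `# ssh-keygen -A creates any missing default host keys (all supported types, empty passphrase); limit offered types with HostKey in sshd_config`. If a failed generation should stop the start instead of falling through to `$SSHD`, `${SSH_KEYGEN} -A || exit 1` makes that explicit. start_service begins before and continues past the lines shown in the hunk.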