modified: configure.ac opensshd.init.in

Skip generating missing RSA1 key on startup unless ssh1 support is enabled.
Spotted by Jean-Pierre Radley

configure.ac

@@ -123,6 +123,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
 
 openssl=yes
 ssh1=no
+COMMENT_OUT_RSA1="#no ssh1#"
 AC_ARG_WITH([openssl],
 	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
 	[  if test "x$withval" = "xno" ; then
@@ -147,6 +148,7 @@ AC_ARG_WITH([ssh1],
 				AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
 			fi
 			ssh1=yes
+			COMMENT_OUT_RSA1=""
 		elif test "x$withval" = "xno" ; then
 			ssh1=no
 		else
@@ -158,6 +160,7 @@ AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
 if test "x$ssh1" = "xyes" ; then
 	AC_MSG_RESULT([yes])
 	AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
+	AC_SUBST([COMMENT_OUT_RSA1])
 else
 	AC_MSG_RESULT([no])
 fi

opensshd.init.in

@@ -25,9 +25,9 @@ HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
 
 
 checkkeys() {
-    if [ ! -f $HOST_KEY_RSA1 ]; then
-	${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
-    fi
+@COMMENT_OUT_RSA1@    if [ ! -f $HOST_KEY_RSA1 ]; then
+@COMMENT_OUT_RSA1@	${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+@COMMENT_OUT_RSA1@    fi
     if [ ! -f $HOST_KEY_DSA ]; then
 	${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
     fi