From cf3e0be7f5828a5e5f6c296a607d20be2f07d60c Mon Sep 17 00:00:00 2001
From: Tim Rice
Date: Mon, 1 Aug 2016 14:31:52 -0700
Subject: [PATCH] modified: configure.ac opensshd.init.in Skip generating missing RSA1 key on startup unless ssh1 support is enabled. Spotted by Jean-Pierre Radley
---
 configure.ac | 3 +++
 opensshd.init.in | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 373d21b34..7c1956dc6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -123,6 +123,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
 openssl=yes
 ssh1=no
+COMMENT_OUT_RSA1="#no ssh1#"
 AC_ARG_WITH([openssl],
 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
 [ if test "x$withval" = "xno" ; then
@@ -147,6 +148,7 @@ AC_ARG_WITH([ssh1],
 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
 fi
 ssh1=yes
+ COMMENT_OUT_RSA1=""
 elif test "x$withval" = "xno" ; then
 ssh1=no
 else
@@ -158,6 +160,7 @@ AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
 if test "x$ssh1" = "xyes" ; then
 AC_MSG_RESULT([yes])
 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
+ AC_SUBST([COMMENT_OUT_RSA1])
 else
 AC_MSG_RESULT([no])
 fi
diff --git a/opensshd.init.in b/opensshd.init.in
index 517345bfb..3908566b7 100755
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -25,9 +25,9 @@ HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
 checkkeys() {
- if [ ! -f $HOST_KEY_RSA1 ]; then
- ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
- fi
+@COMMENT_OUT_RSA1@ if [ ! -f $HOST_KEY_RSA1 ]; then
+@COMMENT_OUT_RSA1@ ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+@COMMENT_OUT_RSA1@ fi
 if [ ! -f $HOST_KEY_DSA ]; then
 ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
 fi
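Review bot: `AC_SUBST([COMMENT_OUT_RSA1])` sits inside the `if test "x$ssh1" = "xyes"` branch in the third configure.ac hunk, which reads as if the substitution were registered only when SSH1 is enabled, the one case where the value is empty. Autoconf records AC_SUBST variables when configure is generated rather than when the shell branch runs, so the default build should still get `#no ssh1#` substituted, but that relies on behaviour a reader of this block cannot see. Placing the call directly after the default assignment, `COMMENT_OUT_RSA1="#no ssh1#"` then `AC_SUBST([COMMENT_OUT_RSA1])`, or after the closing `fi`, makes it explicit that RSA1 host-key generation is disabled in the default configuration.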
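Review bot: The three `@COMMENT_OUT_RSA1@`-prefixed lines in checkkeys() carry no explanation, so an administrator reading the installed init script sees `#no ssh1#` in front of the RSA1 key-generation block with no hint of where it came from or how the block gets enabled. A comment line above the block would cover it, for example `# RSA1 host key: commented out by configure unless built --with-ssh1`. Keep the substitution token itself out of that comment, since configure would replace it there too. checkkeys() opens inside the hunk but its body continues past the last visible line.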