diff options
| author |   Andre McCurdy <armccurdy@gmail.com> | 2018-06-07 11:48:39 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-06-15 11:15:39 +0100 |
| commit | 2303d795ae96f1a60caf145a0ddf100e89c4b5b0 (patch) | |
| tree | d6781f02902a812b67b8bedb99b01381653a1995 /meta/recipes-connectivity | |
| parent | b81389c50e0d191e31f71af82d86bfbb37b83acc (diff) | |
| download | openembedded-core-2303d795ae96f1a60caf145a0ddf100e89c4b5b0.tar.gz | |
openssh: only create sshd host keys which have been enabled
Previously sshd_check_keys would create a full set of all possible
sshd host keys, even if sshd_config has been set to only enable
certain key types.
Update sshd_check_keys to only create keys which have been enabled in
sshd_config (with a fallback to creating a full set of key types if
no HostKey options are defined, as before).
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd_check_keys | 42 |
1 files changed, 19 insertions, 23 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index be2e2ec0a6..1931dc7153 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -56,27 +56,23 @@ while true ; do esac done -# parse location of keys -HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key -HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key -HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key +HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") +[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" -# create keys if necessary -if [ ! -f $HOST_KEY_RSA ]; then - echo " generating ssh RSA key..." - generate_key $HOST_KEY_RSA rsa -fi -if [ ! -f $HOST_KEY_ECDSA ]; then - echo " generating ssh ECDSA key..." - generate_key $HOST_KEY_ECDSA ecdsa -fi -if [ ! -f $HOST_KEY_ED25519 ]; then - echo " generating ssh ED25519 key..." - generate_key $HOST_KEY_ED25519 ed25519 -fi +for key in ${HOST_KEYS} ; do + [ -f $key ] && continue + case $key in + *_rsa_key) + echo " generating ssh RSA host key..." + generate_key $key rsa + ;; + *_ecdsa_key) + echo " generating ssh ECDSA host key..." + generate_key $key ecdsa + ;; + *_ed25519_key) + echo " generating ssh ED25519 host key..." + generate_key $key ed25519 + ;; + esac +done |