rpms / openssh

Clone
Source Code
GIT

Blame sshd-keygen.legacy

86_addmissingnb f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fix_f38_terrapin fix_f39_terrapin gsskexfix main master-future openssh85286 openssh96_rebase_combined openssh_96rebase openssh_rebase_90to93 openssh_rebase_90to93_cont openssh_rebase_90to93_fin private-controlpersist-4_3p2-9-branch private-master-vanilla private-openssh-4_5p1-6-controlpersist-branch rawhide sshkeysign_fix
  1.   1144aef1d1c4e8f0887a2e61910dea7bcd7224d2
  2.   sshd-keygen.legacy
Blob History Raw
0b5300a 
#!/bin/bash
0b5300a
0b5300a 
# Create the host keys for the OpenSSH server.
0b5300a 
#
0b5300a 
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
0b5300a 
# variable.
0b5300a 
AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
0b5300a
0b5300a 
if [ -f /etc/rc.d/init.d/functions ]; then
0b5300a 
    # source function library
0b5300a 
    . /etc/rc.d/init.d/functions
0b5300a 
else
0b5300a 
    # minimal implimantation of success and failure function
0b5300a 
    success()
0b5300a 
    {
0b5300a 
        echo -en $"[  OK  ]\r"
0b5300a 
        return 0
0b5300a 
    }
0b5300a 
    failure()
0b5300a 
    {
0b5300a 
        echo -en $"[FAILED]\r"
0b5300a 
        return 1
0b5300a 
    }
0b5300a 
fi
0b5300a
0b5300a 
# Some functions to make the below more readable
0b5300a 
KEYGEN=/usr/bin/ssh-keygen
0b5300a 
RSA1_KEY=/etc/ssh/ssh_host_key
0b5300a 
RSA_KEY=/etc/ssh/ssh_host_rsa_key
0b5300a 
DSA_KEY=/etc/ssh/ssh_host_dsa_key
0b5300a 
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
0b5300a 
ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
0b5300a
0b5300a 
# pull in sysconfig settings
0b5300a 
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
0b5300a
0b5300a 
fips_enabled() {
0b5300a 
	if [ -r /proc/sys/crypto/fips_enabled ]; then
0b5300a 
		cat /proc/sys/crypto/fips_enabled
0b5300a 
	else
0b5300a 
		echo 0
0b5300a 
	fi
0b5300a 
}
0b5300a
0b5300a 
do_rsa1_keygen() {
0b5300a 
	if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
0b5300a 
		echo -n $"Generating SSH1 RSA host key: "
0b5300a 
		rm -f $RSA1_KEY
0b5300a 
		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
0b5300a 
			chgrp ssh_keys $RSA1_KEY
0b5300a 
			chmod 640 $RSA1_KEY
0b5300a 
			chmod 644 $RSA1_KEY.pub
0b5300a 
			if [ -x /sbin/restorecon ]; then
0b5300a 
			    /sbin/restorecon $RSA1_KEY{,.pub}
0b5300a 
			fi
0b5300a 
			success $"RSA1 key generation"
0b5300a 
			echo
0b5300a 
		else
0b5300a 
			failure $"RSA1 key generation"
0b5300a 
			echo
0b5300a 
			exit 1
0b5300a 
		fi
0b5300a 
	fi
0b5300a 
}
0b5300a
0b5300a 
do_rsa_keygen() {
0b5300a 
	if [ ! -s $RSA_KEY ]; then
0b5300a 
		echo -n $"Generating SSH2 RSA host key: "
0b5300a 
		rm -f $RSA_KEY
0b5300a 
		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
0b5300a 
			chgrp ssh_keys $RSA_KEY
0b5300a 
			chmod 640 $RSA_KEY
0b5300a 
			chmod 644 $RSA_KEY.pub
0b5300a 
			if [ -x /sbin/restorecon ]; then
0b5300a 
			    /sbin/restorecon $RSA_KEY{,.pub}
0b5300a 
			fi
0b5300a 
			success $"RSA key generation"
0b5300a 
			echo
0b5300a 
		else
0b5300a 
			failure $"RSA key generation"
0b5300a 
			echo
0b5300a 
			exit 1
0b5300a 
		fi
0b5300a 
	fi
0b5300a 
}
0b5300a
0b5300a 
do_dsa_keygen() {
0b5300a 
	if [ ! -s $DSA_KEY -a `fips_enabled` -eq 0 ]; then
0b5300a 
		echo -n $"Generating SSH2 DSA host key: "
0b5300a 
		rm -f $DSA_KEY
0b5300a 
		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
0b5300a 
			chgrp ssh_keys $DSA_KEY
0b5300a 
			chmod 640 $DSA_KEY
0b5300a 
			chmod 644 $DSA_KEY.pub
0b5300a 
			if [ -x /sbin/restorecon ]; then
0b5300a 
			    /sbin/restorecon $DSA_KEY{,.pub}
0b5300a 
			fi
0b5300a 
			success $"DSA key generation"
0b5300a 
			echo
0b5300a 
		else
0b5300a 
			failure $"DSA key generation"
0b5300a 
			echo
0b5300a 
			exit 1
0b5300a 
		fi
0b5300a 
	fi
0b5300a 
}
0b5300a
0b5300a 
do_ecdsa_keygen() {
0b5300a 
	if [ ! -s $ECDSA_KEY ]; then
0b5300a 
		echo -n $"Generating SSH2 ECDSA host key: "
0b5300a 
		rm -f $ECDSA_KEY
0b5300a 
		if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
0b5300a 
			chgrp ssh_keys $ECDSA_KEY
0b5300a 
			chmod 640 $ECDSA_KEY
0b5300a 
			chmod 644 $ECDSA_KEY.pub
0b5300a 
			if [ -x /sbin/restorecon ]; then
0b5300a 
			    /sbin/restorecon $ECDSA_KEY{,.pub}
0b5300a 
			fi
0b5300a 
			success $"ECDSA key generation"
0b5300a 
			echo
0b5300a 
		else
0b5300a 
			failure $"ECDSA key generation"
0b5300a 
			echo
0b5300a 
			exit 1
0b5300a 
		fi
0b5300a 
	fi
0b5300a 
}
0b5300a
0b5300a 
do_ed25519_keygen() {
0b5300a 
	if [ ! -s $ED25519_KEY -a `fips_enabled` -eq 0 ]; then
0b5300a 
		echo -n $"Generating SSH2 ED25519 host key: "
0b5300a 
		rm -f $ED25519_KEY
0b5300a 
		if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
0b5300a 
			chgrp ssh_keys $ED25519_KEY
0b5300a 
			chmod 640 $ED25519_KEY
0b5300a 
			chmod 644 $ED25519_KEY.pub
0b5300a 
			if [ -x /sbin/restorecon ]; then
0b5300a 
			    /sbin/restorecon $ED25519_KEY{,.pub}
0b5300a 
			fi
0b5300a 
			success $"ED25519 key generation"
0b5300a 
			echo
0b5300a 
		else
0b5300a 
			failure $"ED25519 key generation"
0b5300a 
			echo
0b5300a 
			exit 1
0b5300a 
		fi
0b5300a 
	fi
0b5300a 
}
0b5300a
0b5300a 
if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
0b5300a 
	exit 0
0b5300a 
fi
0b5300a
0b5300a 
# legacy options
0b5300a 
case $AUTOCREATE_SERVER_KEYS in
0b5300a 
	NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
0b5300a 
	RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
0b5300a 
	YES) AUTOCREATE_SERVER_KEYS="DSA RSA ECDSA ED25519";;
0b5300a 
esac
0b5300a
0b5300a 
for KEY in $AUTOCREATE_SERVER_KEYS; do
0b5300a 
	case $KEY in
0b5300a 
		DSA) do_dsa_keygen;;
0b5300a 
		RSA) do_rsa_keygen;;
0b5300a 
		ECDSA) do_ecdsa_keygen;;
0b5300a 
		ED25519) do_ed25519_keygen;;
0b5300a 
	esac
0b5300a 
done
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.