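#!/bin/bash

# Create the host keys for the OpenSSH server.
#
# Arguments:
#   $1 - key type to generate: dsa, ed25519, rsa or ecdsa
#
# Exit status:
#   0   key pair created, or the key type was skipped because FIPS mode is on
#   1   ssh-keygen failed
#   12  missing or unsupported key type
#   13  ssh-keygen is missing or not executable

KEYTYPE=$1

# This case statement is also the allow-list for $1: the value is interpolated
# into the key path below, so the default arm must keep rejecting anything
# that is not one of the known type names.
case "$KEYTYPE" in
	"dsa") ;& # disabled in FIPS
	"ed25519")
		FIPS=/proc/sys/crypto/fips_enabled
		# Skip silently (success) when the kernel reports FIPS mode.
		if [[ -r "$FIPS" && $(<"$FIPS") == "1" ]]; then
			exit 0
		fi ;;
	"rsa") ;; # always ok
	"ecdsa") ;;
	*) # wrong argument
		exit 12 ;;
esac

KEY="/etc/ssh/ssh_host_${KEYTYPE}_key"
KEYGEN=/usr/bin/ssh-keygen

if [[ ! -x "$KEYGEN" ]]; then
	exit 13
fi

# remove old keys
# ssh-keygen asks before overwriting an existing file, and its output is
# discarded below, so the old pair has to go first. From here until ssh-keygen
# succeeds the host has no key of this type; a failure leaves it without one.
rm -f -- "$KEY" "$KEY.pub"

# create new keys
# -N '' writes the private key without a passphrase, so the file mode and
# group set below are the only protection for it.
if ! "$KEYGEN" -q -t "$KEYTYPE" -f "$KEY" -C '' -N '' >/dev/null 2>&1; then
	exit 1
fi

# sanitize permissions
# Private key: group ssh_keys, mode 640. Public key: mode 644.
# NOTE(review): the results of chgrp, chmod and restorecon are not checked and
# the script still exits 0 if any of them fails. Presumably deliberate
# best-effort; confirm, because a failed chgrp followed by chmod 640 leaves
# the private key readable by whatever group the file was created with.
/usr/bin/chgrp ssh_keys "$KEY"
/usr/bin/chmod 640 "$KEY"
/usr/bin/chmod 644 "$KEY.pub"
if [[ -x /usr/sbin/restorecon ]]; then
	/usr/sbin/restorecon "$KEY" "$KEY.pub"
fi

exit 0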