rpms / openssh

Clone
Source Code
GIT

Files

86_addmissingnb f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fix_f38_terrapin fix_f39_terrapin gsskexfix main master-future openssh85286 openssh96_rebase_combined openssh_96rebase openssh_rebase_90to93 openssh_rebase_90to93_cont openssh_rebase_90to93_fin private-controlpersist-4_3p2-9-branch private-master-vanilla private-openssh-4_5p1-6-controlpersist-branch rawhide sshkeysign_fix
  1.   f19
  2.   sshd-keygen
Blob Blame History Raw 
#!/bin/bash

# Create the host keys for the OpenSSH server.
#
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
# variable.

# source function library
. /etc/rc.d/init.d/functions

# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key

# pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

fips_enabled() {
	if [ -r /proc/sys/crypto/fips_enabled ]; then
		cat /proc/sys/crypto/fips_enabled
	else
		echo 0
	fi
}

do_rsa1_keygen() {
	if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
		echo -n $"Generating SSH1 RSA host key: "
		rm -f $RSA1_KEY
		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
			chgrp ssh_keys $RSA1_KEY
			chmod 640 $RSA1_KEY
			chmod 644 $RSA1_KEY.pub
			if [ -x /sbin/restorecon ]; then
			    /sbin/restorecon $RSA1_KEY.pub
			fi
			success $"RSA1 key generation"
			echo
		else
			failure $"RSA1 key generation"
			echo
			exit 1
		fi
	fi
}

do_rsa_keygen() {
	if [ ! -s $RSA_KEY ]; then
		echo -n $"Generating SSH2 RSA host key: "
		rm -f $RSA_KEY
		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
			chgrp ssh_keys $RSA_KEY
			chmod 640 $RSA_KEY
			chmod 644 $RSA_KEY.pub
			if [ -x /sbin/restorecon ]; then
			    /sbin/restorecon $RSA_KEY.pub
			fi
			success $"RSA key generation"
			echo
		else
			failure $"RSA key generation"
			echo
			exit 1
		fi
	fi
}

do_dsa_keygen() {
	if [ ! -s $DSA_KEY ]; then
		echo -n $"Generating SSH2 DSA host key: "
		rm -f $DSA_KEY
		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
			chgrp ssh_keys $DSA_KEY
			chmod 640 $DSA_KEY
			chmod 644 $DSA_KEY.pub
			if [ -x /sbin/restorecon ]; then
			    /sbin/restorecon $DSA_KEY.pub
			fi
			success $"DSA key generation"
			echo
		else
			failure $"DSA key generation"
			echo
			exit 1
		fi
	fi
}

do_ecdsa_keygen() {
	if [ ! -s $ECDSA_KEY ]; then
		echo -n $"Generating SSH2 ECDSA host key: "
		rm -f $ECDSA_KEY
		if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
			chgrp ssh_keys $ECDSA_KEY
			chmod 640 $ECDSA_KEY
			chmod 644 $ECDSA_KEY.pub
			if [ -x /sbin/restorecon ]; then
			    /sbin/restorecon $ECDSA_KEY.pub
			fi
			success $"ECDSA key generation"
			echo
		else
			failure $"ECDSA key generation"
			echo
			exit 1
		fi
	fi
}

# Create keys if necessary
if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
	do_rsa_keygen
	if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
		do_rsa1_keygen
		do_dsa_keygen
		do_ecdsa_keygen
	fi
fi
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.