jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

don't create RSA1 key in FIPS mode

Browse Source
This commit is contained in:
Petr Lautrbach 2012-04-06 21:00:10 +02:00
parent 7294a991a2
commit 2539b1c4f2
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sshd-keygen
View File

@ -17,8 +17,16 @@ RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key
fips_enabled() {
if [ -r /proc/sys/crypto/fips_enabled ]; then
cat /proc/sys/crypto/fips_enabled
else
echo 0
fi
}
do_rsa1_keygen() { do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
echo -n $"Generating SSH1 RSA host key: " echo -n $"Generating SSH1 RSA host key: "
rm -f $RSA1_KEY rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then