		
	add support for ED25519 keys to sshd-keygen and sshd.sysconfig
		
							parent
							
								
									44fb3c6aeb
								
							
						
					
					
						commit
						4253bf87ac
					
				
							
								
								
									
										55
									
								
								sshd-keygen
									
									
									
									
									
								
							
							
						
						
									
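--- a/sshd-keygen
+++ b/sshd-keygen
@@ -4,7 +4,7 @@
 #
 # The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
 # variable.
-AUTOCREATE_SERVER_KEYS=NODSA
+AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
 
 # source function library
 . /etc/rc.d/init.d/functions
@@ -15,6 +15,7 @@ RSA1_KEY=/etc/ssh/ssh_host_key
 RSA_KEY=/etc/ssh/ssh_host_rsa_key
 DSA_KEY=/etc/ssh/ssh_host_dsa_key
 ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
+ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
 
 # pull in sysconfig settings
 [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
@@ -36,7 +37,7 @@ do_rsa1_keygen() {
 			chmod 640 $RSA1_KEY
 			chmod 644 $RSA1_KEY.pub
 			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $RSA1_KEY.pub
+			    /sbin/restorecon $RSA1_KEY{,.pub}
 			fi
 			success $"RSA1 key generation"
 			echo
@@ -57,7 +58,7 @@ do_rsa_keygen() {
 			chmod 640 $RSA_KEY
 			chmod 644 $RSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $RSA_KEY.pub
+			    /sbin/restorecon $RSA_KEY{,.pub}
 			fi
 			success $"RSA key generation"
 			echo
@@ -78,7 +79,7 @@ do_dsa_keygen() {
 			chmod 640 $DSA_KEY
 			chmod 644 $DSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $DSA_KEY.pub
+			    /sbin/restorecon $DSA_KEY{,.pub}
 			fi
 			success $"DSA key generation"
 			echo
@@ -99,7 +100,7 @@ do_ecdsa_keygen() {
 			chmod 640 $ECDSA_KEY
 			chmod 644 $ECDSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $ECDSA_KEY.pub
+			    /sbin/restorecon $ECDSA_KEY{,.pub}
 			fi
 			success $"ECDSA key generation"
 			echo
@@ -111,13 +112,43 @@ do_ecdsa_keygen() {
 	fi
 }
 
-# Create keys if necessary
-if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
-	do_rsa_keygen
-	if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
-		do_ecdsa_keygen
-		if [ "x${AUTOCREATE_SERVER_KEYS}" != xNODSA ]; then
-			do_dsa_keygen
+do_ed25519_keygen() {
+	if [ ! -s $ED25519_KEY ]; then
+		echo -n $"Generating SSH2 ED25519 host key: "
+		rm -f $ED25519_KEY
+		if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
+			chgrp ssh_keys $ED25519_KEY
+			chmod 640 $ED25519_KEY
+			chmod 644 $ED25519_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $ED25519_KEY{,.pub}
+			fi
+			success $"ED25519 key generation"
+			echo
+		else
+			failure $"ED25519 key generation"
+			echo
+			exit 1
 		fi
 	fi
+}
+
+if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
+	exit 0
 fi
+
+# legacy options
+case $AUTOCREATE_SERVER_KEYS in
+	NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
+	RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
+	YES) AUTOCREATE_SERVER_KEYS="DSA RSA ECDSA ED25519";;
+esac
+
+for KEY in $AUTOCREATE_SERVER_KEYS; do
+	case $KEY in
+		DSA) do_dsa_keygen;;
+		RSA) do_rsa_keygen;;
+		ECDSA) do_ecdsa_keygen;;
+		ED25519) do_ed25519_keygen;;
+	esac
+done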
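Review bot: The `case $KEY in` dispatch inside the new `for KEY in $AUTOCREATE_SERVER_KEYS` loop has no default arm, so a misspelled or lower-case entry coming from /etc/sysconfig/sshd (for example `ed25519`) is skipped without any message and the host ends up without that key type. Adding an arm such as `*) echo $"Unknown key type in AUTOCREATE_SERVER_KEYS: $KEY" >&2;;` would make the misconfiguration visible at boot. Separately, the new early-exit test `[ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]` uses `==` inside `[`, which is a bash extension; a single `=` behaves the same and stays portable if the script is ever run by a POSIX sh (the shebang is outside the visible hunks).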
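--- a/sshd.sysconfig
+++ b/sshd.sysconfig
@@ -1,14 +1,12 @@
 # Configuration file for the sshd service.
 
-# The server keys are automatically generated if they omitted
-# to change the automatic creation uncomment the appropriate
-# line. The default is NODSA which means rsa and ecdsa keys are
-# generated.
+# The server keys are automatically generated if they are missing.
+# To change the automatic creation uncomment and change the appropriate
+# line. Accepted key types are: DSA RSA ECDSA ED25519.
+# The default is "RSA ECDSA ED25519"
 
-# AUTOCREATE_SERVER_KEYS=NODSA
-# AUTOCREATE_SERVER_KEYS=RSAONLY
-# AUTOCREATE_SERVER_KEYS=NO
-# AUTOCREATE_SERVER_KEYS=YES
+# AUTOCREATE_SERVER_KEYS=""
+# AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
 
 # Do not change this option unless you have hardware random
 # generator and you REALLY know what you are doing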
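Review bot: The rewritten comment block no longer says how to turn automatic key generation off, and the new sample line `# AUTOCREATE_SERVER_KEYS=""` is given without any explanation. Judging by the loop added to sshd-keygen in this same commit, an empty list generates no host keys at all, and the legacy values `NO`, `NODSA`, `RSAONLY` and `YES` are still honoured there. A comment such as `# Set to "" (or the legacy value NO) to disable automatic host key generation.` would keep an administrator from uncommenting the empty value by accident. It may also help to state that DSA keys are created only when DSA is listed explicitly or the legacy `YES` is used.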