Make default key sizes configurable in sshd-keygen

Resolves: RHEL-26454 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-02 16:16:48 +02:00 · 2024-05-02 16:16:48 +02:00 · 01178d1eef
parent 7fedb4cdc0
commit 01178d1eef
2 changed files with 11 additions and 3 deletions
--- a/openssh.spec
+++ b/openssh.spec
@ -804,6 +804,8 @@ test -f %{sysconfig_anaconda} && \
 * Thu May 02 2024 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-40
 - Correctly audit hostname and IP address
  Resolves: RHEL-22316
+- Make default key sizes configurable in sshd-keygen
+  Resolves: RHEL-26454

 * Wed Apr 24 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-39
 - Use FIPS-compatible API for key derivation
--- a/12
+++ b/12
@ -9,8 +9,14 @@ case $KEYTYPE in
 		if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then
 			exit 0
 		fi ;;
-	"rsa") ;; # always ok
-	"ecdsa") ;;
+	"rsa")
+		if [[ ! -z $SSH_RSA_BITS  ]]; then
+			SSH_KEYGEN_OPTIONS="-b $SSH_RSA_BITS"
+		fi ;; # always ok
+	"ecdsa") 
+		if [[ ! -z $SSH_ECDSA_BITS  ]]; then
+			SSH_KEYGEN_OPTIONS="-b $SSH_ECDSA_BITS"
+		fi ;;
 	*) # wrong argument
 		exit 12 ;;
 esac
@ -25,7 +31,7 @@ fi
 rm -f $KEY{,.pub}

 # create new keys
-if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
+if ! $KEYGEN -q -t $KEYTYPE $SSH_KEYGEN_OPTIONS -f $KEY -C '' -N '' >&/dev/null; then
 	exit 1
 fi