Add legacy sshd-keygen for anaconda (#1331077)
This commit is contained in:
parent
1380564732
commit
0b5300a59c
@ -90,6 +90,7 @@ Source12: sshd-keygen@.service
|
||||
Source13: sshd-keygen
|
||||
Source14: sshd.tmpfiles
|
||||
Source15: sshd-keygen.target
|
||||
Source16: sshd-keygen.legacy
|
||||
|
||||
# Internal debug
|
||||
Patch0: openssh-5.9p1-wIm.patch
|
||||
@ -648,6 +649,7 @@ install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
|
||||
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
|
||||
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
|
||||
install -m755 %{SOURCE16} $RPM_BUILD_ROOT/%{_sbindir}/sshd-keygen
|
||||
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
|
||||
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
|
||||
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
|
||||
@ -761,6 +763,7 @@ getent passwd sshd >/dev/null || \
|
||||
%files server
|
||||
%dir %attr(0711,root,root) %{_var}/empty/sshd
|
||||
%attr(0755,root,root) %{_sbindir}/sshd
|
||||
%attr(0755,root,root) %{_sbindir}/sshd-keygen
|
||||
%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
|
||||
|
168
sshd-keygen.legacy
Normal file
168
sshd-keygen.legacy
Normal file
@ -0,0 +1,168 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Create the host keys for the OpenSSH server.
|
||||
#
|
||||
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
|
||||
# variable.
|
||||
AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
|
||||
|
||||
if [ -f /etc/rc.d/init.d/functions ]; then
|
||||
# source function library
|
||||
. /etc/rc.d/init.d/functions
|
||||
else
|
||||
# minimal implimantation of success and failure function
|
||||
success()
|
||||
{
|
||||
echo -en $"[ OK ]\r"
|
||||
return 0
|
||||
}
|
||||
failure()
|
||||
{
|
||||
echo -en $"[FAILED]\r"
|
||||
return 1
|
||||
}
|
||||
fi
|
||||
|
||||
# Some functions to make the below more readable
|
||||
KEYGEN=/usr/bin/ssh-keygen
|
||||
RSA1_KEY=/etc/ssh/ssh_host_key
|
||||
RSA_KEY=/etc/ssh/ssh_host_rsa_key
|
||||
DSA_KEY=/etc/ssh/ssh_host_dsa_key
|
||||
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
|
||||
ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
# pull in sysconfig settings
|
||||
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
|
||||
|
||||
fips_enabled() {
|
||||
if [ -r /proc/sys/crypto/fips_enabled ]; then
|
||||
cat /proc/sys/crypto/fips_enabled
|
||||
else
|
||||
echo 0
|
||||
fi
|
||||
}
|
||||
|
||||
do_rsa1_keygen() {
|
||||
if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
|
||||
echo -n $"Generating SSH1 RSA host key: "
|
||||
rm -f $RSA1_KEY
|
||||
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
|
||||
chgrp ssh_keys $RSA1_KEY
|
||||
chmod 640 $RSA1_KEY
|
||||
chmod 644 $RSA1_KEY.pub
|
||||
if [ -x /sbin/restorecon ]; then
|
||||
/sbin/restorecon $RSA1_KEY{,.pub}
|
||||
fi
|
||||
success $"RSA1 key generation"
|
||||
echo
|
||||
else
|
||||
failure $"RSA1 key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_rsa_keygen() {
|
||||
if [ ! -s $RSA_KEY ]; then
|
||||
echo -n $"Generating SSH2 RSA host key: "
|
||||
rm -f $RSA_KEY
|
||||
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chgrp ssh_keys $RSA_KEY
|
||||
chmod 640 $RSA_KEY
|
||||
chmod 644 $RSA_KEY.pub
|
||||
if [ -x /sbin/restorecon ]; then
|
||||
/sbin/restorecon $RSA_KEY{,.pub}
|
||||
fi
|
||||
success $"RSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"RSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_dsa_keygen() {
|
||||
if [ ! -s $DSA_KEY -a `fips_enabled` -eq 0 ]; then
|
||||
echo -n $"Generating SSH2 DSA host key: "
|
||||
rm -f $DSA_KEY
|
||||
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chgrp ssh_keys $DSA_KEY
|
||||
chmod 640 $DSA_KEY
|
||||
chmod 644 $DSA_KEY.pub
|
||||
if [ -x /sbin/restorecon ]; then
|
||||
/sbin/restorecon $DSA_KEY{,.pub}
|
||||
fi
|
||||
success $"DSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"DSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_ecdsa_keygen() {
|
||||
if [ ! -s $ECDSA_KEY ]; then
|
||||
echo -n $"Generating SSH2 ECDSA host key: "
|
||||
rm -f $ECDSA_KEY
|
||||
if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chgrp ssh_keys $ECDSA_KEY
|
||||
chmod 640 $ECDSA_KEY
|
||||
chmod 644 $ECDSA_KEY.pub
|
||||
if [ -x /sbin/restorecon ]; then
|
||||
/sbin/restorecon $ECDSA_KEY{,.pub}
|
||||
fi
|
||||
success $"ECDSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"ECDSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_ed25519_keygen() {
|
||||
if [ ! -s $ED25519_KEY -a `fips_enabled` -eq 0 ]; then
|
||||
echo -n $"Generating SSH2 ED25519 host key: "
|
||||
rm -f $ED25519_KEY
|
||||
if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
|
||||
chgrp ssh_keys $ED25519_KEY
|
||||
chmod 640 $ED25519_KEY
|
||||
chmod 644 $ED25519_KEY.pub
|
||||
if [ -x /sbin/restorecon ]; then
|
||||
/sbin/restorecon $ED25519_KEY{,.pub}
|
||||
fi
|
||||
success $"ED25519 key generation"
|
||||
echo
|
||||
else
|
||||
failure $"ED25519 key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# legacy options
|
||||
case $AUTOCREATE_SERVER_KEYS in
|
||||
NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
|
||||
RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
|
||||
YES) AUTOCREATE_SERVER_KEYS="DSA RSA ECDSA ED25519";;
|
||||
esac
|
||||
|
||||
for KEY in $AUTOCREATE_SERVER_KEYS; do
|
||||
case $KEY in
|
||||
DSA) do_dsa_keygen;;
|
||||
RSA) do_rsa_keygen;;
|
||||
ECDSA) do_ecdsa_keygen;;
|
||||
ED25519) do_ed25519_keygen;;
|
||||
esac
|
||||
done
|
Loading…
Reference in New Issue
Block a user