From 6a7dd92929fcc61281e9897b29b0e7a240fd25e6 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 26 Jul 2016 12:57:48 +0200 Subject: [PATCH] Remove legacy sshd-keygen (#1359762) Revert "Add legacy sshd-keygen for anaconda (#1331077)" This reverts commit 0b5300a59c5b88489f9a00f529670fb2723de34e. --- openssh.spec | 3 - sshd-keygen.legacy | 168 --------------------------------------------- 2 files changed, 171 deletions(-) delete mode 100644 sshd-keygen.legacy diff --git a/openssh.spec b/openssh.spec index 9071526..4ff9036 100644 --- a/openssh.spec +++ b/openssh.spec @@ -90,7 +90,6 @@ Source12: sshd-keygen@.service Source13: sshd-keygen Source14: sshd.tmpfiles Source15: sshd-keygen.target -Source16: sshd-keygen.legacy # Internal debug Patch0: openssh-5.9p1-wIm.patch @@ -672,7 +671,6 @@ install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd -install -m755 %{SOURCE16} $RPM_BUILD_ROOT/%{_sbindir}/sshd-keygen install -d -m755 $RPM_BUILD_ROOT/%{_unitdir} install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket @@ -777,7 +775,6 @@ getent passwd sshd >/dev/null || \ %files server %dir %attr(0711,root,root) %{_var}/empty/sshd %attr(0755,root,root) %{_sbindir}/sshd -%attr(0755,root,root) %{_sbindir}/sshd-keygen %attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen diff --git a/sshd-keygen.legacy b/sshd-keygen.legacy deleted file mode 100644 index 78da730..0000000 --- a/sshd-keygen.legacy +++ /dev/null @@ -1,168 +0,0 @@ -#!/bin/bash - -# Create the host keys for the OpenSSH server. -# -# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment -# variable. -AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519" - -if [ -f /etc/rc.d/init.d/functions ]; then - # source function library - . /etc/rc.d/init.d/functions -else - # minimal implimantation of success and failure function - success() - { - echo -en $"[ OK ]\r" - return 0 - } - failure() - { - echo -en $"[FAILED]\r" - return 1 - } -fi - -# Some functions to make the below more readable -KEYGEN=/usr/bin/ssh-keygen -RSA1_KEY=/etc/ssh/ssh_host_key -RSA_KEY=/etc/ssh/ssh_host_rsa_key -DSA_KEY=/etc/ssh/ssh_host_dsa_key -ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key -ED25519_KEY=/etc/ssh/ssh_host_ed25519_key - -# pull in sysconfig settings -[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd - -fips_enabled() { - if [ -r /proc/sys/crypto/fips_enabled ]; then - cat /proc/sys/crypto/fips_enabled - else - echo 0 - fi -} - -do_rsa1_keygen() { - if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then - echo -n $"Generating SSH1 RSA host key: " - rm -f $RSA1_KEY - if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then - chgrp ssh_keys $RSA1_KEY - chmod 640 $RSA1_KEY - chmod 644 $RSA1_KEY.pub - if [ -x /sbin/restorecon ]; then - /sbin/restorecon $RSA1_KEY{,.pub} - fi - success $"RSA1 key generation" - echo - else - failure $"RSA1 key generation" - echo - exit 1 - fi - fi -} - -do_rsa_keygen() { - if [ ! -s $RSA_KEY ]; then - echo -n $"Generating SSH2 RSA host key: " - rm -f $RSA_KEY - if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then - chgrp ssh_keys $RSA_KEY - chmod 640 $RSA_KEY - chmod 644 $RSA_KEY.pub - if [ -x /sbin/restorecon ]; then - /sbin/restorecon $RSA_KEY{,.pub} - fi - success $"RSA key generation" - echo - else - failure $"RSA key generation" - echo - exit 1 - fi - fi -} - -do_dsa_keygen() { - if [ ! -s $DSA_KEY -a `fips_enabled` -eq 0 ]; then - echo -n $"Generating SSH2 DSA host key: " - rm -f $DSA_KEY - if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then - chgrp ssh_keys $DSA_KEY - chmod 640 $DSA_KEY - chmod 644 $DSA_KEY.pub - if [ -x /sbin/restorecon ]; then - /sbin/restorecon $DSA_KEY{,.pub} - fi - success $"DSA key generation" - echo - else - failure $"DSA key generation" - echo - exit 1 - fi - fi -} - -do_ecdsa_keygen() { - if [ ! -s $ECDSA_KEY ]; then - echo -n $"Generating SSH2 ECDSA host key: " - rm -f $ECDSA_KEY - if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then - chgrp ssh_keys $ECDSA_KEY - chmod 640 $ECDSA_KEY - chmod 644 $ECDSA_KEY.pub - if [ -x /sbin/restorecon ]; then - /sbin/restorecon $ECDSA_KEY{,.pub} - fi - success $"ECDSA key generation" - echo - else - failure $"ECDSA key generation" - echo - exit 1 - fi - fi -} - -do_ed25519_keygen() { - if [ ! -s $ED25519_KEY -a `fips_enabled` -eq 0 ]; then - echo -n $"Generating SSH2 ED25519 host key: " - rm -f $ED25519_KEY - if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then - chgrp ssh_keys $ED25519_KEY - chmod 640 $ED25519_KEY - chmod 644 $ED25519_KEY.pub - if [ -x /sbin/restorecon ]; then - /sbin/restorecon $ED25519_KEY{,.pub} - fi - success $"ED25519 key generation" - echo - else - failure $"ED25519 key generation" - echo - exit 1 - fi - fi -} - -if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then - exit 0 -fi - -# legacy options -case $AUTOCREATE_SERVER_KEYS in - NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";; - RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";; - YES) AUTOCREATE_SERVER_KEYS="DSA RSA ECDSA ED25519";; -esac - -for KEY in $AUTOCREATE_SERVER_KEYS; do - case $KEY in - DSA) do_dsa_keygen;; - RSA) do_rsa_keygen;; - ECDSA) do_ecdsa_keygen;; - ED25519) do_ed25519_keygen;; - esac -done