sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode

2014-09-23 10:59:03 +02:00 · 2014-09-23 10:59:03 +02:00 · c8fc193f3d
commit c8fc193f3d
parent afde9f8153
1 changed files with 2 additions and 2 deletions
--- a/4
+++ b/4
@ -71,7 +71,7 @@ do_rsa_keygen() {
 }

 do_dsa_keygen() {
-	if [ ! -s $DSA_KEY ]; then
+	if [ ! -s $DSA_KEY -a `fips_enabled` -eq 0 ]; then
 		echo -n $"Generating SSH2 DSA host key: "
 		rm -f $DSA_KEY
 		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
@ -113,7 +113,7 @@ do_ecdsa_keygen() {
 }

 do_ed25519_keygen() {
-	if [ ! -s $ED25519_KEY ]; then
+	if [ ! -s $ED25519_KEY -a `fips_enabled` -eq 0 ]; then
 		echo -n $"Generating SSH2 ED25519 host key: "
 		rm -f $ED25519_KEY
 		if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then