Make default key sizes configurable in sshd-keygen
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
parent
2e80dd6896
commit
d23ed33031
@ -744,6 +744,7 @@ test -f %{sysconfig_anaconda} && \
|
|||||||
%changelog
|
%changelog
|
||||||
* Thu May 09 2024 Zoltan Fridrich <zfridric@redhat.com> - 9.6p1-1.3
|
* Thu May 09 2024 Zoltan Fridrich <zfridric@redhat.com> - 9.6p1-1.3
|
||||||
- Correctly audit hostname and IP address (RHEL-22316)
|
- Correctly audit hostname and IP address (RHEL-22316)
|
||||||
|
- Make default key sizes configurable in sshd-keygen (RHEL-26454)
|
||||||
|
|
||||||
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.6p1-1.2
|
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.6p1-1.2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
12
sshd-keygen
12
sshd-keygen
@ -9,8 +9,14 @@ case $KEYTYPE in
|
|||||||
if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then
|
if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then
|
||||||
exit 0
|
exit 0
|
||||||
fi ;;
|
fi ;;
|
||||||
"rsa") ;; # always ok
|
"rsa")
|
||||||
"ecdsa") ;;
|
if [[ ! -z $SSH_RSA_BITS ]]; then
|
||||||
|
SSH_KEYGEN_OPTIONS="-b $SSH_RSA_BITS"
|
||||||
|
fi ;; # always ok
|
||||||
|
"ecdsa")
|
||||||
|
if [[ ! -z $SSH_ECDSA_BITS ]]; then
|
||||||
|
SSH_KEYGEN_OPTIONS="-b $SSH_ECDSA_BITS"
|
||||||
|
fi ;;
|
||||||
*) # wrong argument
|
*) # wrong argument
|
||||||
exit 12 ;;
|
exit 12 ;;
|
||||||
esac
|
esac
|
||||||
@ -25,7 +31,7 @@ fi
|
|||||||
rm -f $KEY{,.pub}
|
rm -f $KEY{,.pub}
|
||||||
|
|
||||||
# create new keys
|
# create new keys
|
||||||
if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
|
if ! $KEYGEN -q -t $KEYTYPE $SSH_KEYGEN_OPTIONS -f $KEY -C '' -N '' >&/dev/null; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -5,3 +5,6 @@
|
|||||||
# example using systemctl enable sshd-keygen@dsa.service to allow creation
|
# example using systemctl enable sshd-keygen@dsa.service to allow creation
|
||||||
# of DSA key or systemctl mask sshd-keygen@rsa.service to disable RSA key
|
# of DSA key or systemctl mask sshd-keygen@rsa.service to disable RSA key
|
||||||
# creation.
|
# creation.
|
||||||
|
|
||||||
|
#SSH_RSA_BITS=3072
|
||||||
|
#SSH_ECDSA_BITS=256
|
||||||
|
Loading…
Reference in New Issue
Block a user