Now that SSHv1 is gone is should also go away from the places where host keys are generated. Greetings, Eike -- Rolf Eike Beer, emlix GmbH, http://www.emlix.com Fon +49 551 30664-0, Fax +49 551 30664-11 Bertha-von-Suttner-Str. 9, 37085 Göttingen, Germany Sitz der Gesellschaft: Göttingen, Amtsgericht Göttingen HR B 3160 Geschäftsführung: Heike Jordan, Dr. Uwe Kracke – Ust-IdNr.: DE 205 198 055 emlix – smart embedded open source
>From ea3c2b90c31011b53768fea689d5316e4a61a3c1 Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer <eb@xxxxxxxxx>
Date: Thu, 12 Oct 2017 11:39:47 +0200
Subject: [PATCH 3/3] remove creation of RSA1 host keys from scripts
---
Makefile.in | 3 ---
contrib/redhat/sshd.init | 1 -
contrib/redhat/sshd.init.old | 17 -----------------
opensshd.init.in | 4 ----
4 files changed, 25 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 379d378c..6ce95c61 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -373,9 +373,6 @@ host-key: ssh-keygen$(EXEEXT)
fi
host-key-force: ssh-keygen$(EXEEXT) ssh$(EXEEXT)
- if ./ssh -Q protocol-version | grep '^1$$' >/dev/null; then \
- ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""; \
- fi
./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N ""
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index 40c8dfd9..8ee5fcd3 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -40,7 +40,6 @@ start()
# Create keys if necessary
/usr/bin/ssh-keygen -A
if [ -x /sbin/restorecon ]; then
- /sbin/restorecon /etc/ssh/ssh_host_key.pub
/sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
/sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
/sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
diff --git a/contrib/redhat/sshd.init.old b/contrib/redhat/sshd.init.old
index 0deb6080..8a30f7da 100755
--- a/contrib/redhat/sshd.init.old
+++ b/contrib/redhat/sshd.init.old
@@ -24,7 +24,6 @@ prog="sshd"
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
-RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid
@@ -61,21 +60,6 @@ my_failure() {
;;
esac
}
-do_rsa1_keygen() {
- if [ ! -s $RSA1_KEY ]; then
- echo -n "Generating SSH1 RSA host key: "
- if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $RSA1_KEY
- chmod 644 $RSA1_KEY.pub
- my_success "RSA1 key generation"
- echo
- else
- my_failure "RSA1 key generation"
- echo
- exit 1
- fi
- fi
-}
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n "Generating SSH2 RSA host key: "
@@ -119,7 +103,6 @@ do_restart_sanity_check() {
case "$1" in
start)
# Create keys if necessary
- do_rsa1_keygen;
do_rsa_keygen;
do_dsa_keygen;
diff --git a/opensshd.init.in b/opensshd.init.in
index 3908566b..99e5a51a 100755
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -17,7 +17,6 @@ PIDFILE=$piddir/sshd.pid
PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'`
[ X$PidFile = X ] || PIDFILE=$PidFile
SSH_KEYGEN=$prefix/bin/ssh-keygen
-HOST_KEY_RSA1=$sysconfdir/ssh_host_key
HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
@@ -25,9 +24,6 @@ HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
checkkeys() {
-@COMMENT_OUT_RSA1@ if [ ! -f $HOST_KEY_RSA1 ]; then
-@COMMENT_OUT_RSA1@ ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
-@COMMENT_OUT_RSA1@ fi
if [ ! -f $HOST_KEY_DSA ]; then
${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
fi
--
2.14.2
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
