[PATCH] remove creation of RSA1 host keys from scripts


 



Now that SSHv1 is gone, it should also go away from the places where host keys
are generated.

Greetings,

Eike
-- 
Rolf Eike Beer, emlix GmbH, http://www.emlix.com
Fon +49 551 30664-0, Fax +49 551 30664-11
Bertha-von-Suttner-Str. 9, 37085 Göttingen, Germany
Sitz der Gesellschaft: Göttingen, Amtsgericht Göttingen HR B 3160
Geschäftsführung: Heike Jordan, Dr. Uwe Kracke – Ust-IdNr.: DE 205 198 055

emlix – smart embedded open source
>From ea3c2b90c31011b53768fea689d5316e4a61a3c1 Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer <eb@xxxxxxxxx>
Date: Thu, 12 Oct 2017 11:39:47 +0200
Subject: [PATCH 3/3] remove creation of RSA1 host keys from scripts

---
 Makefile.in                  |  3 ---
 contrib/redhat/sshd.init     |  1 -
 contrib/redhat/sshd.init.old | 17 -----------------
 opensshd.init.in             |  4 ----
 4 files changed, 25 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 379d378c..6ce95c61 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -373,9 +373,6 @@ host-key: ssh-keygen$(EXEEXT)
 	fi
 
 host-key-force: ssh-keygen$(EXEEXT) ssh$(EXEEXT)
-	if ./ssh -Q protocol-version | grep '^1$$' >/dev/null; then \
-		./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""; \
-	fi
 	./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
 	./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
 	./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N ""
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index 40c8dfd9..8ee5fcd3 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -40,7 +40,6 @@ start()
 	# Create keys if necessary
 	/usr/bin/ssh-keygen -A
 	if [ -x /sbin/restorecon ]; then
-		/sbin/restorecon /etc/ssh/ssh_host_key.pub
 		/sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
 		/sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
 		/sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
diff --git a/contrib/redhat/sshd.init.old b/contrib/redhat/sshd.init.old
index 0deb6080..8a30f7da 100755
--- a/contrib/redhat/sshd.init.old
+++ b/contrib/redhat/sshd.init.old
@@ -24,7 +24,6 @@ prog="sshd"
 # Some functions to make the below more readable
 KEYGEN=/usr/bin/ssh-keygen
 SSHD=/usr/sbin/sshd
-RSA1_KEY=/etc/ssh/ssh_host_key
 RSA_KEY=/etc/ssh/ssh_host_rsa_key
 DSA_KEY=/etc/ssh/ssh_host_dsa_key
 PID_FILE=/var/run/sshd.pid
@@ -61,21 +60,6 @@ my_failure() {
     ;;
   esac
 }
-do_rsa1_keygen() {
-	if [ ! -s $RSA1_KEY ]; then
-		echo -n "Generating SSH1 RSA host key: "
-		if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA1_KEY
-			chmod 644 $RSA1_KEY.pub
-			my_success "RSA1 key generation"
-			echo
-		else
-			my_failure "RSA1 key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
 do_rsa_keygen() {
 	if [ ! -s $RSA_KEY ]; then
 		echo -n "Generating SSH2 RSA host key: "
@@ -119,7 +103,6 @@ do_restart_sanity_check() {
 case "$1" in
 	start)
 		# Create keys if necessary
-		do_rsa1_keygen;
 		do_rsa_keygen;
 		do_dsa_keygen;
 		
diff --git a/opensshd.init.in b/opensshd.init.in
index 3908566b..99e5a51a 100755
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -17,7 +17,6 @@ PIDFILE=$piddir/sshd.pid
 PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'`
 [ X$PidFile = X ]  ||  PIDFILE=$PidFile
 SSH_KEYGEN=$prefix/bin/ssh-keygen
-HOST_KEY_RSA1=$sysconfdir/ssh_host_key
 HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
 HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
 @COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
@@ -25,9 +24,6 @@ HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
 
 
 checkkeys() {
-@COMMENT_OUT_RSA1@    if [ ! -f $HOST_KEY_RSA1 ]; then
-@COMMENT_OUT_RSA1@	${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
-@COMMENT_OUT_RSA1@    fi
     if [ ! -f $HOST_KEY_DSA ]; then
 	${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
     fi
-- 
2.14.2

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
