author: Rasmus Villemoes <rasmus.villemoes@prevas.dk> 2023-09-29 10:43:15 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-10-04 23:55:12 +0100
commit: f7cbd05853ef1204327b08559ba194e46b3bdd46
tree: 7b63608abaf1de90a4728779645028a2bf94367a
parent: ce804a67979bd618b2d9c08fbaed7819597b3e9f
openssh: update sshd_check_keys script to make use of 'sshd -G'

Parsing sshd's config file with 'sed' does not work in for example the case where somebody has made use of the new ability to add a config fragment in /etc/ssh/sshd_config.d/ with one or more HostKey stanzas. Also, sshd_config keywords are case-insensitive, but the current sed pattern only matches the CamelCase spelling of HostKey.

In openssh 9.3, sshd learnt a new command line flag '-G', which causes sshd to parse the given configuration file and print the resulting effective configuration on stdout. So use that instead.

Furthermore, since that "effective configuration" includes the default set of host keys if the configuration file has no HostKey stanzas, we also avoid the script needing to know what sshd's default is - that could plausibly change with some future release.

(From OE-Core rev: dd27f9d869b8aa28dfb18de037a24ab0ec735718)

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

-rw-r--r-- meta/recipes-connectivity/openssh/openssh/sshd_check_keys 3
1 files changed, 1 insertions, 2 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index ef117de897..606d1894b5 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -57,8 +57,7 @@ while true ; do
57 esac 57 esac
58done 58done
59 59
60HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") 60HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ')
61[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key"
62 61
63for key in ${HOST_KEYS} ; do 62for key in ${HOST_KEYS} ; do
64 [ -f $key ] && continue 63 [ -f $key ] && continue
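
Review bot: With the fallback on old line 61 removed, the new `HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ')` assignment has no handling for `sshd -G` failing. If the installed sshd predates the `-G` flag (the commit message dates it to 9.3) or rejects the configuration file, the pipeline produces an empty string, the `for key in ${HOST_KEYS}` loop runs zero times, and the script finishes without looking at any host key. The failure is also invisible to the caller, because the status of the assignment is that of `cut`, the last command in the pipeline, not that of `sshd`. Suggest capturing the `sshd -G` output in its own assignment first, checking its exit status, and exiting with an error message when it fails or when no `hostkey` line comes back, so a missing host key set is reported at this point rather than surfacing later when sshd starts.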