diff options
author | Rasmus Villemoes <rasmus.villemoes@prevas.dk> | 2023-09-29 10:43:15 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-10-04 23:55:12 +0100 |
commit | f7cbd05853ef1204327b08559ba194e46b3bdd46 (patch) | |
tree | 7b63608abaf1de90a4728779645028a2bf94367a | |
parent | ce804a67979bd618b2d9c08fbaed7819597b3e9f (diff) | |
download | poky-f7cbd05853ef1204327b08559ba194e46b3bdd46.tar.gz |
openssh: update sshd_check_keys script to make use of 'sshd -G'
Parsing sshd's config file with 'sed' does not work in for example the
case where somebody has made use of the new ability to add a config
fragment in /etc/ssh/sshd_config.d/ with one or more HostKey
stanzas. Also, sshd_config keywords are case-insensitive, but the
current sed pattern only matches the CamelCase spelling of HostKey.
In openssh 9.3, sshd learnt a new command line flag '-G', which causes
sshd to parse the given configuration file and print the resulting
effective configuration on stdout. So use that instead.
Furthermore, since that "effective configuration" includes the default
set of host keys if the configuration file has no HostKey stanzas, we
also avoid the script needing to know what sshd's default is - that
could plausibly change with some future release.
(From OE-Core rev: dd27f9d869b8aa28dfb18de037a24ab0ec735718)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd_check_keys | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index ef117de897..606d1894b5 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys | |||
@@ -57,8 +57,7 @@ while true ; do | |||
57 | esac | 57 | esac |
58 | done | 58 | done |
59 | 59 | ||
60 | HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") | 60 | HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ') |
61 | [ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" | ||
62 | 61 | ||
63 | for key in ${HOST_KEYS} ; do | 62 | for key in ${HOST_KEYS} ; do |
64 | [ -f $key ] && continue | 63 | [ -f $key ] && continue |