diff options
author | Andre McCurdy <armccurdy@gmail.com> | 2018-05-25 15:07:20 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-06-07 08:52:55 +0100 |
commit | e68613e0b84b6fd8847e068c13e244805379b8d9 (patch) | |
tree | 16bf3621532faf2a6665b8705ea63ba94c6f8638 /meta | |
parent | dd475f1d04b3a091e704a6193bbcf902197f12cc (diff) | |
download | poky-e68613e0b84b6fd8847e068c13e244805379b8d9.tar.gz |
openssh: drop sshd support for DSA host keys
DSA keys have been deprecated for some time:
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
(From OE-Core rev: e6a1c8c4ef4a1d2add6a7492d43027c4c0682300)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd_check_keys | 8 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd_config | 1 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_7.7p1.bb | 1 |
3 files changed, 0 insertions, 10 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 5463b1a4cb..be2e2ec0a6 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys | |||
@@ -60,9 +60,6 @@ done | |||
60 | HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') | 60 | HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') |
61 | [ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') | 61 | [ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') |
62 | [ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key | 62 | [ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key |
63 | HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ') | ||
64 | [ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ') | ||
65 | [ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key | ||
66 | HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') | 63 | HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') |
67 | [ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') | 64 | [ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') |
68 | [ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key | 65 | [ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key |
@@ -79,12 +76,7 @@ if [ ! -f $HOST_KEY_ECDSA ]; then | |||
79 | echo " generating ssh ECDSA key..." | 76 | echo " generating ssh ECDSA key..." |
80 | generate_key $HOST_KEY_ECDSA ecdsa | 77 | generate_key $HOST_KEY_ECDSA ecdsa |
81 | fi | 78 | fi |
82 | if [ ! -f $HOST_KEY_DSA ]; then | ||
83 | echo " generating ssh DSA key..." | ||
84 | generate_key $HOST_KEY_DSA dsa | ||
85 | fi | ||
86 | if [ ! -f $HOST_KEY_ED25519 ]; then | 79 | if [ ! -f $HOST_KEY_ED25519 ]; then |
87 | echo " generating ssh ED25519 key..." | 80 | echo " generating ssh ED25519 key..." |
88 | generate_key $HOST_KEY_ED25519 ed25519 | 81 | generate_key $HOST_KEY_ED25519 ed25519 |
89 | fi | 82 | fi |
90 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 31fe5d924e..b7c3ccd984 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config | |||
@@ -22,7 +22,6 @@ Protocol 2 | |||
22 | #HostKey /etc/ssh/ssh_host_key | 22 | #HostKey /etc/ssh/ssh_host_key |
23 | # HostKeys for protocol version 2 | 23 | # HostKeys for protocol version 2 |
24 | #HostKey /etc/ssh/ssh_host_rsa_key | 24 | #HostKey /etc/ssh/ssh_host_rsa_key |
25 | #HostKey /etc/ssh/ssh_host_dsa_key | ||
26 | #HostKey /etc/ssh/ssh_host_ecdsa_key | 25 | #HostKey /etc/ssh/ssh_host_ecdsa_key |
27 | #HostKey /etc/ssh/ssh_host_ed25519_key | 26 | #HostKey /etc/ssh/ssh_host_ed25519_key |
28 | 27 | ||
diff --git a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb index 691dec6140..7b6ee5ccaf 100644 --- a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb | |||
@@ -110,7 +110,6 @@ do_install_append () { | |||
110 | install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly | 110 | install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly |
111 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly | 111 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly |
112 | echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | 112 | echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly |
113 | echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
114 | echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | 113 | echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly |
115 | echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | 114 | echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly |
116 | 115 | ||