summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorAndre McCurdy <armccurdy@gmail.com>2018-05-25 15:07:20 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-06-07 08:52:55 +0100
commite68613e0b84b6fd8847e068c13e244805379b8d9 (patch)
tree16bf3621532faf2a6665b8705ea63ba94c6f8638 /meta
parentdd475f1d04b3a091e704a6193bbcf902197f12cc (diff)
downloadpoky-e68613e0b84b6fd8847e068c13e244805379b8d9.tar.gz
openssh: drop sshd support for DSA host keys
DSA keys have been deprecated for some time: https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html (From OE-Core rev: e6a1c8c4ef4a1d2add6a7492d43027c4c0682300) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_check_keys8
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_config1
-rw-r--r--meta/recipes-connectivity/openssh/openssh_7.7p1.bb1
3 files changed, 0 insertions, 10 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index 5463b1a4cb..be2e2ec0a6 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -60,9 +60,6 @@ done
60HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') 60HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
61[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') 61[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
62[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key 62[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
63HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
64[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
65[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
66HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') 63HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
67[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') 64[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
68[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key 65[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
@@ -79,12 +76,7 @@ if [ ! -f $HOST_KEY_ECDSA ]; then
79 echo " generating ssh ECDSA key..." 76 echo " generating ssh ECDSA key..."
80 generate_key $HOST_KEY_ECDSA ecdsa 77 generate_key $HOST_KEY_ECDSA ecdsa
81fi 78fi
82if [ ! -f $HOST_KEY_DSA ]; then
83 echo " generating ssh DSA key..."
84 generate_key $HOST_KEY_DSA dsa
85fi
86if [ ! -f $HOST_KEY_ED25519 ]; then 79if [ ! -f $HOST_KEY_ED25519 ]; then
87 echo " generating ssh ED25519 key..." 80 echo " generating ssh ED25519 key..."
88 generate_key $HOST_KEY_ED25519 ed25519 81 generate_key $HOST_KEY_ED25519 ed25519
89fi 82fi
90
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index 31fe5d924e..b7c3ccd984 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -22,7 +22,6 @@ Protocol 2
22#HostKey /etc/ssh/ssh_host_key 22#HostKey /etc/ssh/ssh_host_key
23# HostKeys for protocol version 2 23# HostKeys for protocol version 2
24#HostKey /etc/ssh/ssh_host_rsa_key 24#HostKey /etc/ssh/ssh_host_rsa_key
25#HostKey /etc/ssh/ssh_host_dsa_key
26#HostKey /etc/ssh/ssh_host_ecdsa_key 25#HostKey /etc/ssh/ssh_host_ecdsa_key
27#HostKey /etc/ssh/ssh_host_ed25519_key 26#HostKey /etc/ssh/ssh_host_ed25519_key
28 27
diff --git a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
index 691dec6140..7b6ee5ccaf 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
@@ -110,7 +110,6 @@ do_install_append () {
110 install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly 110 install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
111 sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly 111 sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
112 echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly 112 echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
113 echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
114 echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly 113 echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
115 echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly 114 echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
116 115