Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_check_keys42
1 files changed, 34 insertions, 8 deletions
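diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index f5bba53ca3..5463b1a4cb 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -1,5 +1,35 @@
 #! /bin/sh
 
+generate_key() {
+ local FILE=$1
+ local TYPE=$2
+ local DIR="$(dirname "$FILE")"
+
+ mkdir -p "$DIR"
+ ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
+
+ # Atomically rename file public key
+ mv -f "${FILE}.tmp.pub" "${FILE}.pub"
+
+ # This sync does double duty: Ensuring that the data in the temporary
+ # private key file is on disk before the rename, and ensuring that the
+ # public key rename is completed before the private key rename, since we
+ # switch on the existence of the private key to trigger key generation.
+ # This does mean it is possible for the public key to exist, but be garbage
+ # but this is OK because in that case the private key won't exist and the
+ # keys will be regenerated.
+ #
+ # In the event that sync understands arguments that limit what it tries to
+ # fsync(), we provided them. If it does not, it will simply call sync()
+ # which is just as well
+ sync "${FILE}.pub" "$DIR" "${FILE}.tmp"
+
+ mv "${FILE}.tmp" "$FILE"
+
+ # sync to ensure the atomic rename is committed
+ sync "$DIR"
+}
+
 # /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
 if test -f /etc/default/ssh; then
  . /etc/default/ssh
@@ -43,22 +73,18 @@ HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | a
 # create keys if necessary
 if [ ! -f $HOST_KEY_RSA ]; then
  echo " generating ssh RSA key..."
- mkdir -p $(dirname $HOST_KEY_RSA)
- ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
+ generate_key $HOST_KEY_RSA rsa
 fi
 if [ ! -f $HOST_KEY_ECDSA ]; then
  echo " generating ssh ECDSA key..."
- mkdir -p $(dirname $HOST_KEY_ECDSA)
- ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
+ generate_key $HOST_KEY_ECDSA ecdsa
 fi
 if [ ! -f $HOST_KEY_DSA ]; then
  echo " generating ssh DSA key..."
- mkdir -p $(dirname $HOST_KEY_DSA)
- ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
+ generate_key $HOST_KEY_DSA dsa
 fi
 if [ ! -f $HOST_KEY_ED25519 ]; then
  echo " generating ssh ED25519 key..."
- mkdir -p $(dirname $HOST_KEY_ED25519)
- ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
+ generate_key $HOST_KEY_ED25519 ed25519
 fi
 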
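Review bot: A leftover `${FILE}.tmp` from an interrupted earlier run is not handled in the new `generate_key`, and the exit status of `ssh-keygen` is never checked. ssh-keygen normally asks before overwriting an existing output file, so on a non-interactive boot it will probably fail or wait for input, after which `mv "${FILE}.tmp" "$FILE"` would install the stale, possibly truncated file as the host private key. Since the callers only test for the private key's existence, that file would then never be regenerated. Clear the temporaries before generating with `rm -f "${FILE}.tmp" "${FILE}.tmp.pub"`, and stop on failure with `ssh-keygen -q -f "${FILE}.tmp" -N '' -t "$TYPE" || return 1`. Quoting `$TYPE` there, and the `$HOST_KEY_*` arguments at the four call sites in the second hunk, would also keep a configured path containing whitespace from being split.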