summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
Commit message (Collapse)AuthorAgeFilesLines
* openssh: only create sshd host keys which have been enabledAndre McCurdy2018-06-151-23/+19
| | | | | | | | | | | | | | | Previously sshd_check_keys would create a full set of all possible sshd host keys, even if sshd_config has been set to only enable certain key types. Update sshd_check_keys to only create keys which have been enabled in sshd_config (with a fallback to creating a full set of key types if no HostKey options are defined, as before). (From OE-Core rev: 2303d795ae96f1a60caf145a0ddf100e89c4b5b0) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: drop sshd support for DSA host keysAndre McCurdy2018-06-071-8/+0
| | | | | | | | | | | DSA keys have been deprecated for some time: https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html (From OE-Core rev: e6a1c8c4ef4a1d2add6a7492d43027c4c0682300) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Atomically generate host keysJoshua Watt2017-10-071-8/+34
| | | | | | | | | | | | | | Generating the host keys atomically prevents power interruptions during the first boot from leaving the key files incomplete, which often prevents users from being able to ssh into the device. [YOCTO #11671] (From OE-Core rev: 221b40f1f08ee23511ba078a1efd01686922e932) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Fix key generation with systemdJoshua Watt2017-09-251-0/+64
106b59d9 broke SSH host key generation when systemd and a read-only root file system are in use because there isn't a way for systemd to get the optional weak assigment of SYSCONFDIR from /etc/default/sshd and still provide a default value if it is not specified. Instead, move the logic for determining if keys need to be created to a helper script that both the SysV init script and the systemd unit file can reference. This does mean that the systemd unit file can't check for file existence to know if it should start the service, but it wasn't able to do that correctly anyway anymore. This should be a problem since the serivce is only run once per power cycle by systemd, and should exit quickly if the keys already exist (From OE-Core rev: 7e49c5879862253ae1b6a26535d07a2740a95798) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-07-02 21:43:52 +0000