From 05881bbf353f05d4c613f76b3cd16432dec239a1 Mon Sep 17 00:00:00 2001 From: Andre McCurdy Date: Thu, 7 Jun 2018 11:48:39 -0700 Subject: openssh: only create sshd host keys which have been enabled Previously sshd_check_keys would create a full set of all possible sshd host keys, even if sshd_config has been set to only enable certain key types. Update sshd_check_keys to only create keys which have been enabled in sshd_config (with a fallback to creating a full set of key types if no HostKey options are defined, as before). (From OE-Core rev: 2303d795ae96f1a60caf145a0ddf100e89c4b5b0) Signed-off-by: Andre McCurdy Signed-off-by: Richard Purdie --- .../openssh/openssh/sshd_check_keys | 42 ++++++++++------------ 1 file changed, 19 insertions(+), 23 deletions(-) (limited to 'meta/recipes-connectivity/openssh') diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index be2e2ec0a6..1931dc7153 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -56,27 +56,23 @@ while true ; do esac done -# parse location of keys -HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key -HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key -HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key +HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") +[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" -# create keys if necessary -if [ ! -f $HOST_KEY_RSA ]; then - echo " generating ssh RSA key..." - generate_key $HOST_KEY_RSA rsa -fi -if [ ! -f $HOST_KEY_ECDSA ]; then - echo " generating ssh ECDSA key..." - generate_key $HOST_KEY_ECDSA ecdsa -fi -if [ ! -f $HOST_KEY_ED25519 ]; then - echo " generating ssh ED25519 key..." - generate_key $HOST_KEY_ED25519 ed25519 -fi +for key in ${HOST_KEYS} ; do + [ -f $key ] && continue + case $key in + *_rsa_key) + echo " generating ssh RSA host key..." + generate_key $key rsa + ;; + *_ecdsa_key) + echo " generating ssh ECDSA host key..." + generate_key $key ecdsa + ;; + *_ed25519_key) + echo " generating ssh ED25519 host key..." + generate_key $key ed25519 + ;; + esac +done -- cgit v1.2.3-54-g00ecf