openssh: only create sshd host keys which have been enabled

Previously sshd_check_keys would create a full set of all possible sshd host keys, even if sshd_config has been set to only enable certain key types. Update sshd_check_keys to only create keys which have been enabled in sshd_config (with a fallback to creating a full set of key types if no HostKey options are defined, as before). (From OE-Core rev: 2303d795ae96f1a60caf145a0ddf100e89c4b5b0) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andre McCurdy <armccurdy@gmail.com> 2018-06-07 11:48:39 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-06-15 17:56:25 +0100
commit: 05881bbf353f05d4c613f76b3cd16432dec239a1 (patch)
tree: 5d66a1cb2cc04f224e9ac32e4eb933377efa71cf
parent: 958fd9e6f9bad7f071973c942707b2573183db06 (diff)
download: poky-05881bbf353f05d4c613f76b3cd16432dec239a1.tar.gz
1 files changed, 19 insertions, 23 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index be2e2ec0a6..1931dc7153 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -56,27 +56,23 @@ while true ; do
    esac
 done
-# parse location of keys
+HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}")
-HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key"
-[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
-HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
-# create keys if necessary
+for key in ${HOST_KEYS} ; do
-if [ ! -f $HOST_KEY_RSA ]; then
+    [ -f $key ] && continue
-    echo "  generating ssh RSA key..."
+    case $key in
-    generate_key $HOST_KEY_RSA rsa
+    *_rsa_key)
-fi
+        echo "  generating ssh RSA host key..."
-if [ ! -f $HOST_KEY_ECDSA ]; then
+        generate_key $key rsa
-    echo "  generating ssh ECDSA key..."
+        ;;
-    generate_key $HOST_KEY_ECDSA ecdsa
+    *_ecdsa_key)
-fi
+        echo "  generating ssh ECDSA host key..."
-if [ ! -f $HOST_KEY_ED25519 ]; then
+        generate_key $key ecdsa
-    echo "  generating ssh ED25519 key..."
+        ;;
-    generate_key $HOST_KEY_ED25519 ed25519
+    *_ed25519_key)
-fi
+        echo "  generating ssh ED25519 host key..."
+        generate_key $key ed25519
+        ;;
+    esac
+done
author	Andre McCurdy <armccurdy@gmail.com>	2018-06-07 11:48:39 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-06-15 17:56:25 +0100
commit	05881bbf353f05d4c613f76b3cd16432dec239a1 (patch)
tree	5d66a1cb2cc04f224e9ac32e4eb933377efa71cf
parent	958fd9e6f9bad7f071973c942707b2573183db06 (diff)
download	poky-05881bbf353f05d4c613f76b3cd16432dec239a1.tar.gz

diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index be2e2ec0a6..1931dc7153 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -56,27 +56,23 @@ while true ; do
56	esac	56	esac
57	done	57	done
58		58
59	# parse location of keys	59	HOST_KEYS=$(sed -n 's/^[ \t]HostKey[ \t]\+\(.\)/\1/p' "${sshd_config}")
60	HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" \| grep _rsa_ \| tail -1 \| awk ' { print $2 } ')	60	[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key"
61	[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" \| grep _rsa_ \| tail -1 \| awk ' { print $2 } ')
62	[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
63	HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" \| grep _ecdsa_ \| tail -1 \| awk ' { print $2 } ')
64	[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" \| grep _ecdsa_ \| tail -1 \| awk ' { print $2 } ')
65	[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
66	HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" \| grep _ed25519_ \| tail -1 \| awk ' { print $2 } ')
67	[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" \| grep _ed25519_ \| tail -1 \| awk ' { print $2 } ')
68	[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
69		61
70	# create keys if necessary	62	for key in ${HOST_KEYS} ; do
71	if [ ! -f $HOST_KEY_RSA ]; then	63	[ -f $key ] && continue
72	echo " generating ssh RSA key..."	64	case $key in
73	generate_key $HOST_KEY_RSA rsa	65	*_rsa_key)
74	fi	66	echo " generating ssh RSA host key..."
75	if [ ! -f $HOST_KEY_ECDSA ]; then	67	generate_key $key rsa
76	echo " generating ssh ECDSA key..."	68	;;
77	generate_key $HOST_KEY_ECDSA ecdsa	69	*_ecdsa_key)
78	fi	70	echo " generating ssh ECDSA host key..."
79	if [ ! -f $HOST_KEY_ED25519 ]; then	71	generate_key $key ecdsa
80	echo " generating ssh ED25519 key..."	72	;;
81	generate_key $HOST_KEY_ED25519 ed25519	73	*_ed25519_key)
82	fi	74	echo " generating ssh ED25519 host key..."
		75	generate_key $key ed25519
		76	;;
		77	esac
		78	done