author | Christian Hermann <christian.hermann@hytera.de> | 2020-08-21 13:29:02 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-09-11 09:38:29 +0200 |
commit | cf2b6aa24e21431186e255312b7c4f6691ad367a (patch) | |
tree | c12e06a11f98947e2c7c8a21324b4722b56fab0a /projectroot | |
parent | 86a6ec45acb4073df4817c91a052c3c2f6676883 (diff) | |
download | ptxdist-cf2b6aa24e21431186e255312b7c4f6691ad367a.tar.gz ptxdist-cf2b6aa24e21431186e255312b7c4f6691ad367a.tar.xz |
openssh/rc-once: iterate over configured hostkeys
...instead of relying on a hardcoded list of keytypes.
Some cleanup was performed as well:
* merge key gathering functions
* absence of sshd_config was tested for, but the result was not properly propagated and
therefore not properly handled.
Tested with sed implementations of busybox-1.31.1, toybox-0.8.3 and GNU.
Signed-off-by: Christian Hermann <christian.hermann@hytera.de>
Message-Id: <20200821112902.17281-2-christian.hermann@hytera.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'projectroot')
-rw-r--r-- | projectroot/etc/rc.once.d/openssh | 49 |
1 files changed, 19 insertions, 30 deletions
diff --git a/projectroot/etc/rc.once.d/openssh b/projectroot/etc/rc.once.d/openssh
index fe8b00691..545586f07 100644
--- a/projectroot/etc/rc.once.d/openssh
+++ b/projectroot/etc/rc.once.d/openssh
@@ -3,43 +3,32 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
 get_hostkeys() {
- [ -f /etc/ssh/sshd_config ] || return
- sed -n 's/^HostKey[ \t][ \t]*\(.*\)/\1/p' /etc/ssh/sshd_config
-}
-
-host_keys_required() {
- hostkeys="$(get_hostkeys)"
- if [ "$hostkeys" ]; then
- echo "$hostkeys"
- else
- # No HostKey directives found, so we pick secure defaults
- echo /etc/ssh/ssh_host_ed25519_key
- fi
+ hostkeys="$(sed -E -n -e 's/^HostKey[[:space:]]+(.*)/\1/p' /etc/ssh/sshd_config)" || return
+ # pick secure defaults if no HostKey directives are found
+ echo "${hostkeys:-/etc/ssh/ssh_host_ed25519_key}"
 }
 create_key() {
- keytype="$1"
- shift
- hostkeys="$1"
- shift
-
- file="/etc/ssh/ssh_host_${keytype}_key"
-
- if echo "$hostkeys" | grep -x -F "$file" >/dev/null; then
- echo "Create $keytype key; this may take some time ..."
- rm -f $file &&
- ssh-keygen -q -f "$file" -N '' -t "$keytype" "$@" || return
- echo "Created $keytype key."
- fi
+ keyfile="$1"
+ keytype="$(echo "$keyfile" | sed -E -e 's/.*ssh_host_(.*)_key$/\1/')"
+
+ keygen_args=
+ case "$keytype" in
+ rsa) keygen_args="-b 4096" ;;
+ esac
+
+ echo "Create $keytype key; this may take some time ..."
+ rm -f "$keyfile" &&
+ ssh-keygen -q -f "$keyfile" -N '' -t "$keytype" $keygen_args || return
+ echo "Created $keytype key."
 }
 create_keys() {
- hostkeys="$(host_keys_required)"
+ hostkeys="$(get_hostkeys)" || return
- create_key "dsa" "$hostkeys" &&
- create_key "ecdsa" "$hostkeys" &&
- create_key "ed25519" "$hostkeys" &&
- create_key "rsa" "$hostkeys" -b 4096
+ for keyfile in $hostkeys; do
+ create_key "$keyfile" || return
+ done
 }
 if ! create_keys; then |
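Review bot: In `create_key`, `keytype` is derived only by the sed substitution on the file name, and when a HostKey path does not match `ssh_host_<type>_key` that substitution is a no-op, so `keytype` becomes the whole path; the unconditional `rm -f "$keyfile"` then deletes whatever was at that path before `ssh-keygen -t "$keytype"` fails on the bogus type. Because every path listed in sshd_config is now iterated (the old code silently skipped names outside its hard-coded list), a pre-provisioned key under a non-standard name would presumably be wiped and not regenerated. Validate the derived type before the `rm -f`, e.g. extend the case with `dsa|ecdsa|ed25519) ;;` and `*) echo "Cannot derive key type from '$keyfile'" >&2; return 1 ;;` so unknown names fail closed without touching the file. The `if ! create_keys; then` handler that consumes this failure continues outside the hunk.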