authorColin Watson <cjwatson@debian.org>2011-01-24 12:53:09 +0000
committerColin Watson <cjwatson@debian.org>2011-01-24 12:53:09 +0000
commita5672e39810564dd2ea0aaebed7a390d44e794cd (patch)
tree169028255f863ee45b9f795af2956d12be9ad8be
parent626f1d986ff72aa514da63e34744e1de9cf21b9a (diff)
Generate ECDSA host keys. These will only be used on fresh
installations or if you manually add 'HostKey /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.
-rw-r--r--debian/changelog3
-rw-r--r--debian/openssh-server.postinst4
-rw-r--r--debian/openssh-server.postrm1
3 files changed, 8 insertions, 0 deletions
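--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,9 @@ openssh (1:5.7p1-1) UNRELEASED; urgency=low
 temporary directories (closes: #357469, although only if you arrange
 for ssh-agent to actually see $TMPDIR since the setgid bit will cause
 it to be stripped off).
+* Generate ECDSA host keys. These will only be used on fresh
+installations or if you manually add 'HostKey
+/etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.
 
 -- Colin Watson <cjwatson@debian.org> Mon, 24 Jan 2011 12:07:24 +0000
 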
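--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -131,6 +131,7 @@ host_keys_required() {
 if echo "$protocol" | grep 2 >/dev/null; then
 echo /etc/ssh/ssh_host_rsa_key
 echo /etc/ssh/ssh_host_dsa_key
+echo /etc/ssh/ssh_host_ecdsa_key
 fi
 fi
 }
@@ -166,6 +167,8 @@ create_keys() {
 "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
 create_key "Creating SSH2 DSA key; this may take some time ..." \
 "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
+create_key "Creating SSH2 ECDSA key; this may take some time ..." \
+"$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
 }
 
 
@@ -303,6 +306,7 @@ Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
 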
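Review bot: The added `create_key ... /etc/ssh/ssh_host_ecdsa_key -t ecdsa` call in create_keys passes no `-b`, so the ECDSA key size is left to the installed ssh-keygen's default; this matches the RSA and DSA calls above it but is not recorded anywhere, and a comment such as `# no -b: key size is ssh-keygen's default for ecdsa` would make the choice explicit. create_key is defined outside this section, so how it treats a key file that already exists, or a path missing from `$hostkeys`, cannot be confirmed from these hunks. The same key path now has to be kept in step across host_keys_required, create_keys, the sshd_config template and the postrm purge list.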
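--- a/debian/openssh-server.postrm
+++ b/debian/openssh-server.postrm
@@ -48,6 +48,7 @@ case $1 in
 rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub
 rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
 rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
+rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub
 rm -f /etc/ssh/sshd_config
 rm -f /etc/ssh/sshd_not_to_be_run
 rmdir --ignore-fail-on-non-empty /etc/ssh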