Generate host keys in postinst only if the relevant HostKey directives are

found in sshd_config (closes: #87946).
author: Colin Watson <cjwatson@debian.org> 2004-07-21 14:16:40 +0000
committer: Colin Watson <cjwatson@debian.org> 2004-07-21 14:16:40 +0000
commit: db393ffdb5103db641bb18219da7cc1934bb5d6f (patch)
tree: ab755cb970f90ee677d2026dcba1be9c3b449c45
parent: 6172f8af7a3cd6485a48e4cbaa46781a6d8337ca (diff)
2 files changed, 42 insertions, 9 deletions
diff --git a/debian/changelog b/debian/changelog
index a588623bd..5768423fe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ openssh (1:3.8.1p1-6) UNRELEASED; urgency=low
    http://lists.debian.org/debian-boot/2004/07/msg01207.html to get
    openssh-client-udeb to show up as a retrievable debian-installer
    component.
+  * Generate host keys in postinst only if the relevant HostKey directives
+    are found in sshd_config (closes: #87946).
 -- Colin Watson <cjwatson@debian.org>  Mon, 19 Jul 2004 20:22:39 +0100
diff --git a/debian/postinst b/debian/postinst
index ac5e1c555..1baae1677 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -27,13 +27,45 @@ check_idea_key() {
 }
+get_config_option() {
+        option="$1"
+        # TODO: actually only one '=' allowed after option
+        perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+           /etc/ssh/sshd_config
+}
+host_keys_required() {
+        hostkeys="$(get_config_option HostKey)"
+        if [ "$hostkeys" ]; then
+                echo "$hostkeys"
+        else
+                # No HostKey directives at all, so the server picks some
+                # defaults depending on the setting of Protocol.
+                protocol="$(get_config_option Protocol)"
+                [ "$protocol" ] || protocol=1,2
+                if echo "$protocol" | grep 1 >/dev/null; then
+                        echo /etc/ssh/ssh_host_key
+                fi
+                if echo "$protocol" | grep 2 >/dev/null; then
+                        echo /etc/ssh/ssh_host_rsa_key
+                        echo /etc/ssh/ssh_host_dsa_key
+                fi
+        fi
+}
 create_key() {
        msg="$1"
        shift
+        hostkeys="$1"
+        shift
        file="$1"
        shift
-        if [ ! -f "$file" ] ; then
+        if echo "$hostkeys" | grep -x "$file" >/dev/null && \
+           [ ! -f "$file" ] ; then
                echo -n $msg
                ssh-keygen -q -f "$file" -N '' "$@"
                echo
@@ -42,16 +74,15 @@ create_key() {
 create_keys() {
-        db_get ssh/protocol2_only
+        hostkeys="$(host_keys_required)"
-        if [ "$RET" = "false" ] ; then
-                create_key "Creating SSH1 key; this may take some time ..." \
+        create_key "Creating SSH1 key; this may take some time ..." \
-                        /etc/ssh/ssh_host_key -t rsa1
+                "$hostkeys" /etc/ssh/ssh_host_key -t rsa1
-        fi
        create_key "Creating SSH2 RSA key; this may take some time ..." \
-                /etc/ssh/ssh_host_rsa_key -t rsa
+                "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
        create_key "Creating SSH2 DSA key; this may take some time ..." \
-                /etc/ssh/ssh_host_dsa_key -t dsa
+                "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
 }
@@ -304,9 +335,9 @@ setup_init() {
        fi
 }
+create_sshdconfig
 check_idea_key
 create_keys
-create_sshdconfig
 fix_rsh_diversion
 fix_statoverride
 create_alternatives
author	Colin Watson <cjwatson@debian.org>	2004-07-21 14:16:40 +0000
committer	Colin Watson <cjwatson@debian.org>	2004-07-21 14:16:40 +0000
commit	db393ffdb5103db641bb18219da7cc1934bb5d6f (patch)
tree	ab755cb970f90ee677d2026dcba1be9c3b449c45
parent	6172f8af7a3cd6485a48e4cbaa46781a6d8337ca (diff)

diff --git a/debian/changelog b/debian/changelog index a588623bd..5768423fe 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -4,6 +4,8 @@ openssh (1:3.8.1p1-6) UNRELEASED; urgency=low
4	http://lists.debian.org/debian-boot/2004/07/msg01207.html to get	4	http://lists.debian.org/debian-boot/2004/07/msg01207.html to get
5	openssh-client-udeb to show up as a retrievable debian-installer	5	openssh-client-udeb to show up as a retrievable debian-installer
6	component.	6	component.
		7	* Generate host keys in postinst only if the relevant HostKey directives
		8	are found in sshd_config (closes: #87946).
7		9
8	-- Colin Watson <cjwatson@debian.org> Mon, 19 Jul 2004 20:22:39 +0100	10	-- Colin Watson <cjwatson@debian.org> Mon, 19 Jul 2004 20:22:39 +0100
9		11


diff --git a/debian/postinst b/debian/postinst index ac5e1c555..1baae1677 100644 --- a/debian/postinst +++ b/debian/postinst
@@ -27,13 +27,45 @@ check_idea_key() {
27	}	27	}
28		28
29		29
		30	get_config_option() {
		31	option="$1"
		32
		33	# TODO: actually only one '=' allowed after option
		34	perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
		35	/etc/ssh/sshd_config
		36	}
		37
		38
		39	host_keys_required() {
		40	hostkeys="$(get_config_option HostKey)"
		41	if [ "$hostkeys" ]; then
		42	echo "$hostkeys"
		43	else
		44	# No HostKey directives at all, so the server picks some
		45	# defaults depending on the setting of Protocol.
		46	protocol="$(get_config_option Protocol)"
		47	[ "$protocol" ] \|\| protocol=1,2
		48	if echo "$protocol" \| grep 1 >/dev/null; then
		49	echo /etc/ssh/ssh_host_key
		50	fi
		51	if echo "$protocol" \| grep 2 >/dev/null; then
		52	echo /etc/ssh/ssh_host_rsa_key
		53	echo /etc/ssh/ssh_host_dsa_key
		54	fi
		55	fi
		56	}
		57
		58
30	create_key() {	59	create_key() {
31	msg="$1"	60	msg="$1"
32	shift	61	shift
		62	hostkeys="$1"
		63	shift
33	file="$1"	64	file="$1"
34	shift	65	shift
35		66
36	if [ ! -f "$file" ] ; then	67	if echo "$hostkeys" \| grep -x "$file" >/dev/null && \
		68	[ ! -f "$file" ] ; then
37	echo -n $msg	69	echo -n $msg
38	ssh-keygen -q -f "$file" -N '' "$@"	70	ssh-keygen -q -f "$file" -N '' "$@"
39	echo	71	echo
@@ -42,16 +74,15 @@ create_key() {
42		74
43		75
44	create_keys() {	76	create_keys() {
45	db_get ssh/protocol2_only	77	hostkeys="$(host_keys_required)"
46	if [ "$RET" = "false" ] ; then	78
47	create_key "Creating SSH1 key; this may take some time ..." \	79	create_key "Creating SSH1 key; this may take some time ..." \
48	/etc/ssh/ssh_host_key -t rsa1	80	"$hostkeys" /etc/ssh/ssh_host_key -t rsa1
49	fi
50		81
51	create_key "Creating SSH2 RSA key; this may take some time ..." \	82	create_key "Creating SSH2 RSA key; this may take some time ..." \
52	/etc/ssh/ssh_host_rsa_key -t rsa	83	"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
53	create_key "Creating SSH2 DSA key; this may take some time ..." \	84	create_key "Creating SSH2 DSA key; this may take some time ..." \
54	/etc/ssh/ssh_host_dsa_key -t dsa	85	"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
55	}	86	}
56		87
57		88
@@ -304,9 +335,9 @@ setup_init() {
304	fi	335	fi
305	}	336	}
306		337
		338	create_sshdconfig
307	check_idea_key	339	check_idea_key
308	create_keys	340	create_keys
309	create_sshdconfig
310	fix_rsh_diversion	341	fix_rsh_diversion
311	fix_statoverride	342	fix_statoverride
312	create_alternatives	343	create_alternatives