modified: configure.ac opensshd.init.in

Skip generating missing RSA1 key on startup unless ssh1 support is enabled.
Spotted by Jean-Pierre Radley

2 files changed, 6 insertions, 3 deletions

diff --git a/configure.ac b/configure.ac
index 373d21b34..7c1956dc6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -123,6 +123,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
 
 openssl=yes
 ssh1=no
+COMMENT_OUT_RSA1="#no ssh1#"
 AC_ARG_WITH([openssl],
         [  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
         [  if test "x$withval" = "xno" ; then
@@ -147,6 +148,7 @@ AC_ARG_WITH([ssh1],
                                 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
                         fi
                         ssh1=yes
+                        COMMENT_OUT_RSA1=""
                 elif test "x$withval" = "xno" ; then
                         ssh1=no
                 else
@@ -158,6 +160,7 @@ AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
 if test "x$ssh1" = "xyes" ; then
         AC_MSG_RESULT([yes])
         AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
+        AC_SUBST([COMMENT_OUT_RSA1])
 else
         AC_MSG_RESULT([no])
 fi
diff --git a/opensshd.init.in b/opensshd.init.in
index 517345bfb..3908566b7 100755
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -25,9 +25,9 @@ HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
 
 
 checkkeys() {
-    if [ ! -f $HOST_KEY_RSA1 ]; then
-        ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
-    fi
+@COMMENT_OUT_RSA1@    if [ ! -f $HOST_KEY_RSA1 ]; then
+@COMMENT_OUT_RSA1@      ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+@COMMENT_OUT_RSA1@    fi
     if [ ! -f $HOST_KEY_DSA ]; then
         ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
     fi