authorColin Watson <cjwatson@debian.org>2004-07-21 14:16:40 +0000
committerColin Watson <cjwatson@debian.org>2004-07-21 14:16:40 +0000
commitdb393ffdb5103db641bb18219da7cc1934bb5d6f (patch)
treeab755cb970f90ee677d2026dcba1be9c3b449c45
parent6172f8af7a3cd6485a48e4cbaa46781a6d8337ca (diff)
Generate host keys in postinst only if the relevant HostKey directives are
found in sshd_config (closes: #87946).
-rw-r--r--debian/changelog2
-rw-r--r--debian/postinst49
2 files changed, 42 insertions, 9 deletions
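--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ openssh (1:3.8.1p1-6) UNRELEASED; urgency=low
     http://lists.debian.org/debian-boot/2004/07/msg01207.html to get
     openssh-client-udeb to show up as a retrievable debian-installer
     component.
+  * Generate host keys in postinst only if the relevant HostKey directives
+    are found in sshd_config (closes: #87946).
 
  -- Colin Watson <cjwatson@debian.org>  Mon, 19 Jul 2004 20:22:39 +0100
 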
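--- a/debian/postinst
+++ b/debian/postinst
@@ -27,13 +27,45 @@ check_idea_key() {
 }
 
 
+get_config_option() {
+	option="$1"
+
+	# TODO: actually only one '=' allowed after option
+	perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+		/etc/ssh/sshd_config
+}
+
+
+host_keys_required() {
+	hostkeys="$(get_config_option HostKey)"
+	if [ "$hostkeys" ]; then
+		echo "$hostkeys"
+	else
+		# No HostKey directives at all, so the server picks some
+		# defaults depending on the setting of Protocol.
+		protocol="$(get_config_option Protocol)"
+		[ "$protocol" ] || protocol=1,2
+		if echo "$protocol" | grep 1 >/dev/null; then
+			echo /etc/ssh/ssh_host_key
+		fi
+		if echo "$protocol" | grep 2 >/dev/null; then
+			echo /etc/ssh/ssh_host_rsa_key
+			echo /etc/ssh/ssh_host_dsa_key
+		fi
+	fi
+}
+
+
 create_key() {
 	msg="$1"
 	shift
+	hostkeys="$1"
+	shift
 	file="$1"
 	shift
 
-	if [ ! -f "$file" ] ; then
+	if echo "$hostkeys" | grep -x "$file" >/dev/null && \
+	   [ ! -f "$file" ] ; then
 		echo -n $msg
 		ssh-keygen -q -f "$file" -N '' "$@"
 		echo
@@ -42,16 +74,15 @@ create_key() {
 
 
 create_keys() {
-	db_get ssh/protocol2_only
-	if [ "$RET" = "false" ] ; then
-		create_key "Creating SSH1 key; this may take some time ..." \
-			/etc/ssh/ssh_host_key -t rsa1
-	fi
+	hostkeys="$(host_keys_required)"
+
+	create_key "Creating SSH1 key; this may take some time ..." \
+		"$hostkeys" /etc/ssh/ssh_host_key -t rsa1
 
 	create_key "Creating SSH2 RSA key; this may take some time ..." \
-		/etc/ssh/ssh_host_rsa_key -t rsa
+		"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
 	create_key "Creating SSH2 DSA key; this may take some time ..." \
-		/etc/ssh/ssh_host_dsa_key -t dsa
+		"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
 }
 
 
@@ -304,9 +335,9 @@ setup_init() {
 	fi
 }
 
+create_sshdconfig
 check_idea_key
 create_keys
-create_sshdconfig
 fix_rsh_diversion
 fix_statoverride
 create_alternatives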
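Review bot: In the new create_key condition, `grep -x "$file"` treats the key path as a basic regular expression rather than a literal string, so a metacharacter in the path can match a different HostKey entry than intended; `grep -Fx -- "$file"` compares the whole line literally and also protects against a path beginning with `-`. The match is also exact against the line as extracted by get_config_option, so a `HostKey` entry with trailing blanks after the path would presumably fail to match and the key would silently not be generated, leaving sshd unable to start until the file exists — worth confirming whether the perl substitution should strip trailing whitespace as well. The same extraction feeds host_keys_required, so a fix there covers both callers. create_key's body continues past the first hunk.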