* New upstream release (http://www.openssh.org/txt/release-5.9).

- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
author: Colin Watson <cjwatson@debian.org> 2011-09-06 14:56:29 +0100
committer: Colin Watson <cjwatson@debian.org> 2011-09-06 14:56:29 +0100
commit: 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch)
tree: 89400a44e42d84937deba7864e4964d6c7734da5 /contrib/redhat/sshd.init
parent: 87c685b8c6a49814fd782288097b3093f975aa72 (diff)
parent: 3a7e89697ca363de0f64e0d5704c57219294e41c (diff)
1 files changed, 7 insertions, 64 deletions
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index 854aff665..2334d8142 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -22,70 +22,9 @@ RETVAL=0
 prog="sshd"
 # Some functions to make the below more readable
-KEYGEN=/usr/bin/ssh-keygen
 SSHD=/usr/sbin/sshd
-RSA1_KEY=/etc/ssh/ssh_host_key
-RSA_KEY=/etc/ssh/ssh_host_rsa_key
-DSA_KEY=/etc/ssh/ssh_host_dsa_key
 PID_FILE=/var/run/sshd.pid
-do_rsa1_keygen() {
-        if [ ! -s $RSA1_KEY ]; then
-                echo -n $"Generating SSH1 RSA host key: "
-                if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
-                        chmod 600 $RSA1_KEY
-                        chmod 644 $RSA1_KEY.pub
-                        if [ -x /sbin/restorecon ]; then
-                            /sbin/restorecon $RSA1_KEY.pub
-                        fi
-                        success $"RSA1 key generation"
-                        echo
-                else
-                        failure $"RSA1 key generation"
-                        echo
-                        exit 1
-                fi
-        fi
-}
-do_rsa_keygen() {
-        if [ ! -s $RSA_KEY ]; then
-                echo -n $"Generating SSH2 RSA host key: "
-                if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
-                        chmod 600 $RSA_KEY
-                        chmod 644 $RSA_KEY.pub
-                        if [ -x /sbin/restorecon ]; then
-                            /sbin/restorecon $RSA_KEY.pub
-                        fi
-                        success $"RSA key generation"
-                        echo
-                else
-                        failure $"RSA key generation"
-                        echo
-                        exit 1
-                fi
-        fi
-}
-do_dsa_keygen() {
-        if [ ! -s $DSA_KEY ]; then
-                echo -n $"Generating SSH2 DSA host key: "
-                if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
-                        chmod 600 $DSA_KEY
-                        chmod 644 $DSA_KEY.pub
-                        if [ -x /sbin/restorecon ]; then
-                            /sbin/restorecon $DSA_KEY.pub
-                        fi
-                        success $"DSA key generation"
-                        echo
-                else
-                        failure $"DSA key generation"
-                        echo
-                        exit 1
-                fi
-        fi
-}
 do_restart_sanity_check()
 {
        $SSHD -t
@@ -99,9 +38,13 @@ do_restart_sanity_check()
 start()
 {
        # Create keys if necessary
-        do_rsa1_keygen
+        /usr/bin/ssh-keygen -A
-        do_rsa_keygen
+        if [ -x /sbin/restorecon ]; then
-        do_dsa_keygen
+                /sbin/restorcon /etc/ssh/ssh_host_key.pub
+                /sbin/restorcon /etc/ssh/ssh_host_rsa_key.pub
+                /sbin/restorcon /etc/ssh/ssh_host_dsa_key.pub
+                /sbin/restorcon /etc/ssh/ssh_host_ecdsa_key.pub
+        fi
        echo -n $"Starting $prog:"
        $SSHD $OPTIONS && success || failure
author	Colin Watson <cjwatson@debian.org>	2011-09-06 14:56:29 +0100
committer	Colin Watson <cjwatson@debian.org>	2011-09-06 14:56:29 +0100
commit	978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch)
tree	89400a44e42d84937deba7864e4964d6c7734da5 /contrib/redhat/sshd.init
parent	87c685b8c6a49814fd782288097b3093f975aa72 (diff)
parent	3a7e89697ca363de0f64e0d5704c57219294e41c (diff)

diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index 854aff665..2334d8142 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init
@@ -22,70 +22,9 @@ RETVAL=0
22	prog="sshd"	22	prog="sshd"
23		23
24	# Some functions to make the below more readable	24	# Some functions to make the below more readable
25	KEYGEN=/usr/bin/ssh-keygen
26	SSHD=/usr/sbin/sshd	25	SSHD=/usr/sbin/sshd
27	RSA1_KEY=/etc/ssh/ssh_host_key
28	RSA_KEY=/etc/ssh/ssh_host_rsa_key
29	DSA_KEY=/etc/ssh/ssh_host_dsa_key
30	PID_FILE=/var/run/sshd.pid	26	PID_FILE=/var/run/sshd.pid
31		27
32	do_rsa1_keygen() {
33	if [ ! -s $RSA1_KEY ]; then
34	echo -n $"Generating SSH1 RSA host key: "
35	if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
36	chmod 600 $RSA1_KEY
37	chmod 644 $RSA1_KEY.pub
38	if [ -x /sbin/restorecon ]; then
39	/sbin/restorecon $RSA1_KEY.pub
40	fi
41	success $"RSA1 key generation"
42	echo
43	else
44	failure $"RSA1 key generation"
45	echo
46	exit 1
47	fi
48	fi
49	}
50
51	do_rsa_keygen() {
52	if [ ! -s $RSA_KEY ]; then
53	echo -n $"Generating SSH2 RSA host key: "
54	if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
55	chmod 600 $RSA_KEY
56	chmod 644 $RSA_KEY.pub
57	if [ -x /sbin/restorecon ]; then
58	/sbin/restorecon $RSA_KEY.pub
59	fi
60	success $"RSA key generation"
61	echo
62	else
63	failure $"RSA key generation"
64	echo
65	exit 1
66	fi
67	fi
68	}
69
70	do_dsa_keygen() {
71	if [ ! -s $DSA_KEY ]; then
72	echo -n $"Generating SSH2 DSA host key: "
73	if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
74	chmod 600 $DSA_KEY
75	chmod 644 $DSA_KEY.pub
76	if [ -x /sbin/restorecon ]; then
77	/sbin/restorecon $DSA_KEY.pub
78	fi
79	success $"DSA key generation"
80	echo
81	else
82	failure $"DSA key generation"
83	echo
84	exit 1
85	fi
86	fi
87	}
88
89	do_restart_sanity_check()	28	do_restart_sanity_check()
90	{	29	{
91	$SSHD -t	30	$SSHD -t
@@ -99,9 +38,13 @@ do_restart_sanity_check()
99	start()	38	start()
100	{	39	{
101	# Create keys if necessary	40	# Create keys if necessary
102	do_rsa1_keygen	41	/usr/bin/ssh-keygen -A
103	do_rsa_keygen	42	if [ -x /sbin/restorecon ]; then
104	do_dsa_keygen	43	/sbin/restorcon /etc/ssh/ssh_host_key.pub
		44	/sbin/restorcon /etc/ssh/ssh_host_rsa_key.pub
		45	/sbin/restorcon /etc/ssh/ssh_host_dsa_key.pub
		46	/sbin/restorcon /etc/ssh/ssh_host_ecdsa_key.pub
		47	fi
105		48
106	echo -n $"Starting $prog:"	49	echo -n $"Starting $prog:"
107	$SSHD $OPTIONS && success \|\| failure	50	$SSHD $OPTIONS && success \|\| failure