1 files changed, 42 insertions, 11 deletions
diff --git a/debian/postinst b/debian/postinst
index b641769ba..1baae1677 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -27,13 +27,45 @@ check_idea_key() {
 }
+get_config_option() {
+        option="$1"
+        # TODO: actually only one '=' allowed after option
+        perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+           /etc/ssh/sshd_config
+}
+host_keys_required() {
+        hostkeys="$(get_config_option HostKey)"
+        if [ "$hostkeys" ]; then
+                echo "$hostkeys"
+        else
+                # No HostKey directives at all, so the server picks some
+                # defaults depending on the setting of Protocol.
+                protocol="$(get_config_option Protocol)"
+                [ "$protocol" ] || protocol=1,2
+                if echo "$protocol" | grep 1 >/dev/null; then
+                        echo /etc/ssh/ssh_host_key
+                fi
+                if echo "$protocol" | grep 2 >/dev/null; then
+                        echo /etc/ssh/ssh_host_rsa_key
+                        echo /etc/ssh/ssh_host_dsa_key
+                fi
+        fi
+}
 create_key() {
-        local msg="$1"
+        msg="$1"
+        shift
+        hostkeys="$1"
        shift
-        local file="$1"
+        file="$1"
        shift
-        if [ ! -f "$file" ] ; then
+        if echo "$hostkeys" | grep -x "$file" >/dev/null && \
+           [ ! -f "$file" ] ; then
                echo -n $msg
                ssh-keygen -q -f "$file" -N '' "$@"
                echo
@@ -42,16 +74,15 @@ create_key() {
 create_keys() {
-        db_get ssh/protocol2_only
+        hostkeys="$(host_keys_required)"
-        if [ "$RET" = "false" ] ; then
-                create_key "Creating SSH1 key; this may take some time ..." \
+        create_key "Creating SSH1 key; this may take some time ..." \
-                        /etc/ssh/ssh_host_key -t rsa1
+                "$hostkeys" /etc/ssh/ssh_host_key -t rsa1
-        fi
        create_key "Creating SSH2 RSA key; this may take some time ..." \
-                /etc/ssh/ssh_host_rsa_key -t rsa
+                "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
        create_key "Creating SSH2 DSA key; this may take some time ..." \
-                /etc/ssh/ssh_host_dsa_key -t dsa
+                "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
 }
@@ -304,9 +335,9 @@ setup_init() {
        fi
 }
+create_sshdconfig
 check_idea_key
 create_keys
-create_sshdconfig
 fix_rsh_diversion
 fix_statoverride
 create_alternatives

diff --git a/debian/postinst b/debian/postinst index b641769ba..1baae1677 100644 --- a/debian/postinst +++ b/debian/postinst
@@ -27,13 +27,45 @@ check_idea_key() {
27	}	27	}
28		28
29		29
		30	get_config_option() {
		31	option="$1"
		32
		33	# TODO: actually only one '=' allowed after option
		34	perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
		35	/etc/ssh/sshd_config
		36	}
		37
		38
		39	host_keys_required() {
		40	hostkeys="$(get_config_option HostKey)"
		41	if [ "$hostkeys" ]; then
		42	echo "$hostkeys"
		43	else
		44	# No HostKey directives at all, so the server picks some
		45	# defaults depending on the setting of Protocol.
		46	protocol="$(get_config_option Protocol)"
		47	[ "$protocol" ] \|\| protocol=1,2
		48	if echo "$protocol" \| grep 1 >/dev/null; then
		49	echo /etc/ssh/ssh_host_key
		50	fi
		51	if echo "$protocol" \| grep 2 >/dev/null; then
		52	echo /etc/ssh/ssh_host_rsa_key
		53	echo /etc/ssh/ssh_host_dsa_key
		54	fi
		55	fi
		56	}
		57
		58
30	create_key() {	59	create_key() {
31	local msg="$1"	60	msg="$1"
		61	shift
		62	hostkeys="$1"
32	shift	63	shift
33	local file="$1"	64	file="$1"
34	shift	65	shift
35		66
36	if [ ! -f "$file" ] ; then	67	if echo "$hostkeys" \| grep -x "$file" >/dev/null && \
		68	[ ! -f "$file" ] ; then
37	echo -n $msg	69	echo -n $msg
38	ssh-keygen -q -f "$file" -N '' "$@"	70	ssh-keygen -q -f "$file" -N '' "$@"
39	echo	71	echo
@@ -42,16 +74,15 @@ create_key() {
42		74
43		75
44	create_keys() {	76	create_keys() {
45	db_get ssh/protocol2_only	77	hostkeys="$(host_keys_required)"
46	if [ "$RET" = "false" ] ; then	78
47	create_key "Creating SSH1 key; this may take some time ..." \	79	create_key "Creating SSH1 key; this may take some time ..." \
48	/etc/ssh/ssh_host_key -t rsa1	80	"$hostkeys" /etc/ssh/ssh_host_key -t rsa1
49	fi
50		81
51	create_key "Creating SSH2 RSA key; this may take some time ..." \	82	create_key "Creating SSH2 RSA key; this may take some time ..." \
52	/etc/ssh/ssh_host_rsa_key -t rsa	83	"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
53	create_key "Creating SSH2 DSA key; this may take some time ..." \	84	create_key "Creating SSH2 DSA key; this may take some time ..." \
54	/etc/ssh/ssh_host_dsa_key -t dsa	85	"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
55	}	86	}
56		87
57		88
@@ -304,9 +335,9 @@ setup_init() {
304	fi	335	fi
305	}	336	}
306		337
		338	create_sshdconfig
307	check_idea_key	339	check_idea_key
308	create_keys	340	create_keys
309	create_sshdconfig
310	fix_rsh_diversion	341	fix_rsh_diversion
311	fix_statoverride	342	fix_statoverride
312	create_alternatives	343	create_alternatives