From a5672e39810564dd2ea0aaebed7a390d44e794cd Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 24 Jan 2011 12:53:09 +0000 Subject: Generate ECDSA host keys. These will only be used on fresh installations or if you manually add 'HostKey /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config. --- debian/changelog | 3 +++ debian/openssh-server.postinst | 4 ++++ debian/openssh-server.postrm | 1 + 3 files changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index 84269b035..a2c0f2479 100644 --- a/debian/changelog +++ b/debian/changelog @@ -22,6 +22,9 @@ openssh (1:5.7p1-1) UNRELEASED; urgency=low temporary directories (closes: #357469, although only if you arrange for ssh-agent to actually see $TMPDIR since the setgid bit will cause it to be stripped off). + * Generate ECDSA host keys. These will only be used on fresh + installations or if you manually add 'HostKey + /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config. -- Colin Watson Mon, 24 Jan 2011 12:07:24 +0000 diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 4ed956454..5c4c79d5c 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst @@ -131,6 +131,7 @@ host_keys_required() { if echo "$protocol" | grep 2 >/dev/null; then echo /etc/ssh/ssh_host_rsa_key echo /etc/ssh/ssh_host_dsa_key + echo /etc/ssh/ssh_host_ecdsa_key fi fi } @@ -166,6 +167,8 @@ create_keys() { "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa create_key "Creating SSH2 DSA key; this may take some time ..." \ "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa + create_key "Creating SSH2 ECDSA key; this may take some time ..." \ + "$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa } @@ -303,6 +306,7 @@ Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes 
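Review bot: The ECDSA path added to the default list in host_keys_required is now repeated by hand in three other places this commit touches: the create_key call in create_keys, the HostKey line in the sshd_config template, and the purge list in debian/openssh-server.postrm. If one copy is missed when a key type is added or retired, the likely results are a HostKey line pointing at a key that was never generated, or a private host key left in /etc/ssh after purge. A short comment above the echo lines would help, e.g. `# Keep in sync with create_keys, the default sshd_config below, and the purge list in postrm.` The body of host_keys_required starts outside this hunk, so how configured HostKey lines override this default list is not visible here.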
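Review bot: The new create_key call in create_keys passes only `-t ecdsa`, so the curve and key size are left to ssh-keygen's default instead of being stated by the package. Host keys are long-lived and get pinned in clients' known_hosts, so a later change of that default would silently produce different keys on new installs. Making the size explicit avoids this, e.g. `"$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa -b 256`, assuming create_key forwards its trailing arguments to ssh-keygen. Both create_key and the start of create_keys are outside this hunk, so that forwarding is inferred from the existing RSA and DSA calls.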
diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
index 7258d5f99..655c1ae17 100644
--- a/debian/openssh-server.postrm
+++ b/debian/openssh-server.postrm
@@ -48,6 +48,7 @@ case $1 in
 rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub
 rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
 rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
+ rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub
 rm -f /etc/ssh/sshd_config
 rm -f /etc/ssh/sshd_not_to_be_run
 rmdir --ignore-fail-on-non-empty /etc/ssh
-- 
cgit v1.2.3