diff options
| author | CoprDistGit <infra@openeuler.org> | 2023-10-02 04:02:17 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2023-10-02 04:02:17 +0000 |
| commit | 24b6ed9bc1ef1538b8f3e254b30b1006f5e4d78f (patch) | |
| tree | e2725d205951345a1c853965086be06d6a6cbf59 /sshd-keygen | |
| parent | c7ba49a1e66ed27d507eafa4da2b81838a2afa64 (diff) | |
automatic import of openssh
Diffstat (limited to 'sshd-keygen')
| -rw-r--r-- | sshd-keygen | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/sshd-keygen b/sshd-keygen new file mode 100644 index 0000000..efd876c --- /dev/null +++ b/sshd-keygen @@ -0,0 +1,40 @@ +#!/bin/bash + +# Create the host keys for the OpenSSH server. +KEYTYPE=$1 +case $KEYTYPE in + "dsa") ;& # disabled in FIPS + "ed25519") + FIPS=/proc/sys/crypto/fips_enabled + if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then + exit 0 + fi ;; + "rsa") ;; # always ok + "ecdsa") ;; + *) # wrong argument + exit 12 ;; +esac +KEY=/etc/ssh/ssh_host_${KEYTYPE}_key + +KEYGEN=/usr/bin/ssh-keygen +if [[ ! -x $KEYGEN ]]; then + exit 13 +fi + +# remove old keys +rm -f $KEY{,.pub} + +# create new keys +if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then + exit 1 +fi + +# sanitize permissions +/usr/bin/chgrp ssh_keys $KEY +/usr/bin/chmod 400 $KEY +/usr/bin/chmod 400 $KEY.pub +if [[ -x /usr/sbin/restorecon ]]; then + /usr/sbin/restorecon $KEY{,.pub} +fi + +exit 0 |