Diffstat (limited to 'sshd-keygen')
-rw-r--r--sshd-keygen40
1 files changed, 40 insertions, 0 deletions
diff --git a/sshd-keygen b/sshd-keygen
new file mode 100644
index 0000000..efd876c
--- /dev/null
+++ b/sshd-keygen
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Create the host keys for the OpenSSH server.
+KEYTYPE=$1
+case $KEYTYPE in
+ "dsa") ;& # disabled in FIPS
+ "ed25519")
+ FIPS=/proc/sys/crypto/fips_enabled
+ if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then
+ exit 0
+ fi ;;
+ "rsa") ;; # always ok
+ "ecdsa") ;;
+ *) # wrong argument
+ exit 12 ;;
+esac
+KEY=/etc/ssh/ssh_host_${KEYTYPE}_key
+
+KEYGEN=/usr/bin/ssh-keygen
+if [[ ! -x $KEYGEN ]]; then
+ exit 13
+fi
+
+# remove old keys
+rm -f $KEY{,.pub}
+
+# create new keys
+if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
+ exit 1
+fi
+
+# sanitize permissions
+/usr/bin/chgrp ssh_keys $KEY
+/usr/bin/chmod 400 $KEY
+/usr/bin/chmod 400 $KEY.pub
+if [[ -x /usr/sbin/restorecon ]]; then
+ /usr/sbin/restorecon $KEY{,.pub}
+fi
+
+exit 0
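Review bot: The `rm -f $KEY{,.pub}` step deletes any existing host key before regenerating it, so a second invocation for the same type silently rotates the host identity and every client that pinned the old key will see a host-key-changed warning; nothing in this file guards against that, and if the caller (presumably a systemd unit) is expected to check first, that contract should be written at the top of the script. A one-line guard before the removal would make the script safe to re-run on its own: `[[ -e "$KEY" ]] && exit 0  # keep an existing key; regenerating changes the host identity`. Separately, `>&/dev/null` on the ssh-keygen line throws away the tool's diagnostics, so a failure surfaces only as a bare `exit 1`; redirecting just stdout (`>/dev/null`) and letting stderr reach the journal would keep the failure diagnosable. The chgrp/chmod lines are also unchecked, so a missing `ssh_keys` group leaves the script exiting 0 with the key still owned by root:root, which may or may not be the intended fallback.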