From 24b6ed9bc1ef1538b8f3e254b30b1006f5e4d78f Mon Sep 17 00:00:00 2001
From: CoprDistGit
Date: Mon, 2 Oct 2023 04:02:17 +0000
Subject: automatic import of openssh
---
sshd-keygen | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 sshd-keygen
(limited to 'sshd-keygen')
diff --git a/sshd-keygen b/sshd-keygen
new file mode 100644
index 0000000..efd876c
--- /dev/null
+++ b/sshd-keygen
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Create the host keys for the OpenSSH server.
+KEYTYPE=$1
+case $KEYTYPE in
+ "dsa") ;& # disabled in FIPS
+ "ed25519")
+ FIPS=/proc/sys/crypto/fips_enabled
+ if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then
+ exit 0
+ fi ;;
+ "rsa") ;; # always ok
+ "ecdsa") ;;
+ *) # wrong argument
+ exit 12 ;;
+esac
+KEY=/etc/ssh/ssh_host_${KEYTYPE}_key
+
+KEYGEN=/usr/bin/ssh-keygen
+if [[ ! -x $KEYGEN ]]; then
+ exit 13
+fi
+
+# remove old keys
+rm -f $KEY{,.pub}
+
+# create new keys
+if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
+ exit 1
+fi
+
+# sanitize permissions
+/usr/bin/chgrp ssh_keys $KEY
+/usr/bin/chmod 400 $KEY
+/usr/bin/chmod 400 $KEY.pub
+if [[ -x /usr/sbin/restorecon ]]; then
+ /usr/sbin/restorecon $KEY{,.pub}
+fi
+
+exit 0
--
cgit v1.2.3
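Review bot: The `"dsa") ;&` arm lets this script create a DSA host key whenever FIPS mode is off, even though ssh-keygen only produces 1024-bit DSA keys and OpenSSH has long shipped with ssh-dss disabled by default; unless a supported caller still needs it, drop the arm so `dsa` reaches `*) exit 12`. Separately, `rm -f $KEY{,.pub}` runs before the replacement exists and the ssh-keygen output is discarded by `>&/dev/null`, so a failed generation leaves the host without a key of that type and gives no diagnostic beyond `exit 1`. Generating under a temporary name in /etc/ssh and renaming into place only on success, with stderr left visible, would close that gap. The `"rsa"` case also relies on ssh-keygen's built-in default size, so passing an explicit `-b` would pin the key strength across OpenSSH versions.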