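#!/bin/bash

# Create the host keys for the OpenSSH server.
#
# Usage: sshd-keygen KEYTYPE
#   KEYTYPE is one of: rsa, ecdsa, ed25519, dsa
#
# The key pair is written to /etc/ssh/ssh_host_<KEYTYPE>_key{,.pub} with an
# empty comment and no passphrase.
#
# Exit status:
#   0   key pair created, or generation skipped because the kernel is in
#       FIPS mode and KEYTYPE is dsa or ed25519
#   1   ssh-keygen failed
#   12  KEYTYPE missing or not one of the types listed above
#   13  /usr/bin/ssh-keygen is not executable
#
# Requires bash 4+ (the ";&" fall-through below).
KEYTYPE=$1
case "$KEYTYPE" in
	"dsa") ;& # disabled in FIPS
	"ed25519")
		# /proc/sys/crypto/fips_enabled reads "1" when FIPS mode is enforced;
		# an unreadable or empty flag is treated as "not in FIPS mode".
		FIPS=/proc/sys/crypto/fips_enabled
		fips_state=
		if [[ -r "$FIPS" ]]; then
			read -r fips_state < "$FIPS"
		fi
		if [[ "$fips_state" == "1" ]]; then
			exit 0
		fi ;;
	"rsa") ;; # always ok
	"ecdsa") ;;
	*) # wrong argument
		exit 12 ;;
esac
KEY=/etc/ssh/ssh_host_${KEYTYPE}_key

KEYGEN=/usr/bin/ssh-keygen
if [[ ! -x "$KEYGEN" ]]; then
	exit 13
fi

# remove old keys
# NOTE(review): the old pair is removed before the new one is generated, so a
# failing ssh-keygen leaves the host without this key type. Presumably the
# caller (e.g. a systemd unit) only runs this when the key does not exist —
# confirm; otherwise generate under a temporary name and rename into place.
rm -f -- "$KEY" "$KEY.pub"

# create new keys (empty comment, empty passphrase; ssh-keygen output discarded)
if ! "$KEYGEN" -q -t "$KEYTYPE" -f "$KEY" -C '' -N '' >&/dev/null; then
	exit 1
fi

# sanitize permissions
# These steps are best effort: chgrp/chmod/restorecon report their own errors
# on stderr, but a failure here does not change the exit status.
# NOTE(review): with mode 400 the ssh_keys group gains no access to the
# private key; the chgrp only matters if a looser mode is intended — confirm.
/usr/bin/chgrp ssh_keys -- "$KEY"
/usr/bin/chmod 400 -- "$KEY"
/usr/bin/chmod 400 -- "$KEY.pub"
if [[ -x /usr/sbin/restorecon ]]; then
	/usr/sbin/restorecon "$KEY" "$KEY.pub"
fi

exit 0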