[openssh] use only rsa and ecdsa host keys by default

plautrba plautrba at fedoraproject.org
Wed Dec 11 14:18:26 UTC 2013


commit 2b2955a33280a3d00c65b2efa309046a20ef67e2
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Mon Dec 9 17:30:18 2013 +0100

    use only rsa and ecdsa host keys by default

 openssh-6.3p1-redhat.patch |   12 ++++++++++++
 sshd-keygen                |    7 ++++---
 sshd.sysconfig             |    8 +++++---
 3 files changed, 21 insertions(+), 6 deletions(-)
---
diff --git a/openssh-6.3p1-redhat.patch b/openssh-6.3p1-redhat.patch
index 5b1ec1d..d85244d 100644
--- a/openssh-6.3p1-redhat.patch
+++ b/openssh-6.3p1-redhat.patch
@@ -58,6 +58,18 @@ diff -up openssh-6.3p1/sshd_config.redhat openssh-6.3p1/sshd_config
  #Port 22
  #AddressFamily any
  #ListenAddress 0.0.0.0
+@@ -21,9 +25,9 @@
+ # HostKey for protocol version 1
+ #HostKey /etc/ssh/ssh_host_key
+ # HostKeys for protocol version 2
+-#HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_rsa_key
+ #HostKey /etc/ssh/ssh_host_dsa_key
+-#HostKey /etc/ssh/ssh_host_ecdsa_key
++HostKey /etc/ssh/ssh_host_ecdsa_key
+ 
+ # Lifetime and size of ephemeral version 1 server key
+ #KeyRegenerationInterval 1h
 @@ -35,6 +39,7 @@
  # Logging
  # obsoletes QuietMode and FascistLogging
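Review bot: Turning the two `HostKey` lines into active settings (the `++HostKey /etc/ssh/ssh_host_rsa_key` and `++HostKey /etc/ssh/ssh_host_ecdsa_key` lines) replaces sshd's built-in default host-key set with an explicit list, so the ecdsa key becomes mandatory configuration even though `sshd.sysconfig` in this same commit still offers `AUTOCREATE_SERVER_KEYS=RSAONLY`. On a host using RSAONLY the ecdsa key file will not exist and sshd will, as far as I recall, log a "Could not load host key" error for it at every start (it still starts while at least one key loads). It would help to state this coupling in the sshd.sysconfig comment, e.g. `# RSAONLY leaves the HostKey /etc/ssh/ssh_host_ecdsa_key line in sshd_config unsatisfied; remove or comment it there as well.`, or to keep the ecdsa line commented and rely on the built-in default order. The enclosing sshd_config hunk continues outside this patch-of-a-patch.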
diff --git a/sshd-keygen b/sshd-keygen
index 5f158fd..d54e4b9 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -4,7 +4,7 @@
 #
 # The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
 # variable.
-AUTOCREATE_SERVER_KEYS=RSAONLY
+AUTOCREATE_SERVER_KEYS=NODSA
 
 # source function library
 . /etc/rc.d/init.d/functions
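Review bot: The comment above the new default (`# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment variable.`) does not enumerate the accepted values, and with NODSA added the set is now only discoverable from the nested tests in the later hunk. I would extend the comment to `# Accepted values: NO (no keys), RSAONLY (rsa), NODSA (rsa and ecdsa, the default);` followed by `# any other value, e.g. YES, creates rsa, ecdsa and dsa keys.`, which matches the branches below as far as they are visible here. Whether /etc/sysconfig/sshd is sourced later to override this default is outside the hunk, so the comment should also say where the value is normally set.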
@@ -115,8 +115,9 @@ do_ecdsa_keygen() {
 if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
 	do_rsa_keygen
 	if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
-		do_rsa1_keygen
-		do_dsa_keygen
 		do_ecdsa_keygen
+		if [ "x${AUTOCREATE_SERVER_KEYS}" != xNODSA ]; then
+			do_dsa_keygen
+		fi
 	fi
 fi
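Review bot: The removed `do_rsa1_keygen` call is not re-added in any branch, so `AUTOCREATE_SERVER_KEYS=YES` silently stops creating the protocol 1 host key; that goes beyond the commit title's "by default" and deserves a line in the commit message and in sshd.sysconfig, and if it is intentional the now presumably unused `do_rsa1_keygen` function (defined outside this hunk) can be dropped too. The three nested `!=` tests also read as a process of elimination — a reader has to work out that an unrecognised value such as YES ends up generating everything — while a `case` on the value makes each mode's key set explicit and is plain POSIX sh like the rest of the script. The rewritten dispatch below keeps the same generation order (rsa, ecdsa, dsa) and the same behaviour for NO, RSAONLY, NODSA and any other value.

```shell
case "${AUTOCREATE_SERVER_KEYS}" in
	NO)
		;;
	RSAONLY)
		do_rsa_keygen
		;;
	NODSA)
		do_rsa_keygen
		do_ecdsa_keygen
		;;
	*)
		# YES or any other value: every supported protocol 2 key type
		do_rsa_keygen
		do_ecdsa_keygen
		do_dsa_keygen
		;;
esac
```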
diff --git a/sshd.sysconfig b/sshd.sysconfig
index 9a30a83..ddd7744 100644
--- a/sshd.sysconfig
+++ b/sshd.sysconfig
@@ -1,9 +1,11 @@
 # Configuration file for the sshd service.
 
-# The server keys are automatically generated if they ommited
-# to change the automatic creation uncomment the approprite 
-# line. The default is RSAONLY
+# The server keys are automatically generated if they omitted
+# to change the automatic creation uncomment the appropriate
+# line. The default is NODSA which means rsa and ecdsa keys are
+# generated.
 
+# AUTOCREATE_SERVER_KEYS=NODSA
 # AUTOCREATE_SERVER_KEYS=RSAONLY
 # AUTOCREATE_SERVER_KEYS=NO
 # AUTOCREATE_SERVER_KEYS=YES
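Review bot: The reworded first comment line still has a grammatical slip — `# The server keys are automatically generated if they omitted` is missing "are" — and the second line runs the two sentences together without punctuation. I would write `# The server keys are automatically generated if they are omitted.` and `# To change the automatic creation uncomment the appropriate line.`, and since the file now lists four values it would also help to state what each one creates, e.g. `# NODSA (default): rsa and ecdsa; RSAONLY: rsa; YES: rsa, ecdsa and dsa; NO: none.`, which is what the sshd-keygen hunk in this commit implements as far as it is visible.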

